Summary: | <net-irc/inspircd-2.0.23: certificate spoofing through crafted SASL message | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | minor | CC: | slawomir.nizio | ||||
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://www.openwall.com/lists/oss-security/2016/09/05/8 | ||||||
Whiteboard: | B3 [noglsa/cve] | ||||||
Package list: |
=net-irc/inspircd-2.0.23
|
Runtime testing required: | --- | ||||
Attachments: |
|
Description
Agostino Sarubbo
2016-09-09 13:36:59 UTC
@ maintainer(s): v2.0.23 which contains the fix is available since 2016-09-03. Created attachment 464364 [details, diff]
inspircd 2.0.23
Bugzie appears to have eaten the emails about this. I never saw this in "bugs assigned to me", because of course, it's assigned to a security@ alias instead of a person that can fix it.
Attached is a bump, fully tested (build, run, and client connect) on x86_64 and PPC64.
Now in repository. Let's wait until 2017-02-27 before we start stabilization. amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. Arches and Maintainer(s), Thank you for your work. GLSA Vote: No |