Summary: | net-irc/inspircd: drop old versions 3.4.0 and 2.0.29 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sadie Powell <sadie> |
Component: | Current packages | Assignee: | Gentoo Security <security> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | ionen, jstein, proxy-maint, sam, wadecline |
Priority: | Normal | Keywords: | SECURITY |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=755854 https://bugs.gentoo.org/show_bug.cgi?id=755851 https://bugs.gentoo.org/show_bug.cgi?id=743205 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Sadie Powell
2020-12-30 19:12:16 UTC
Thank you for reporting, do you have a link to the vulnerability? I could not find it upstream. (In reply to Jonas Stein from comment #1) > Thank you for reporting, do you have a link to the vulnerability? I could > not find it upstream. Use after free vulnerability in the pgsql module (2020-01): https://docs.inspircd.org/security/2020-01/ Double free vulnerability in the websocket module (2020-02): https://docs.inspircd.org/security/2020-01/ This all appears to be covered by the inspircd we already have, and those bugs will necessitate cleanup too. No need for a separate bug for cleanup. Thank you for your attentiveness, in any case. *** This bug has been marked as a duplicate of bug 755854 *** They’ll be cleaned up shortly, thank you! (I’m not at a shell or I’d do it now). Note that while they do need cleaning up, they’re shadowed by newer stable versions (green on packages.gentoo.org) so _shouldn’t_ be installed anyway unless someone goes out of their way to. (In reply to Sam James from comment #4) > Note that while they do need cleaning up, they’re shadowed by newer stable > versions (green on packages.gentoo.org) so _shouldn’t_ be installed anyway > unless someone goes out of their way to. I wouldn't be surprised if someone is still clinging to v2 due to the configuration changes (I did for a while myself, but that was years ago and migrated since), but yeah it's really time to move on. >I wouldn't be surprised if someone is still clinging to v2 due to the configuration changes (I did for a while myself, but that was years ago and migrated since), but yeah it's really time to move on.
I was waiting to remove v2 until it had hit EoL, but this is close enough.
|