A vulnerability has been reported in IRC Services, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the improper handling of overly long passwords within the "default_encrypt()" function in encrypt.c and can be exploited to crash an affected server. The vulnerability is reported in versions prior to 5.0.63 and 5.1.9. Solution: Update to version 5.0.63 or 5.1.9. http://www.ircservices.za.net/download.html Provided and/or discovered by: The vendor credits loverboy. Reproducible: Always
maintainers - please advice
*** Bug 200467 has been marked as a duplicate of this bug. ***
Missed that one.
Ok, bumped to 5.0.63 till i have some more time to bump to 5.1.9
Arches, please test and mark stable net-irc/ircservices-5.0.63. Target keywords : "ppc x86"
x86 stable
ppc stable
this bug is ready for glsa decision
Voting YES.
yes too, request filed.
GLSA 200712-12
Does not affect current (2008.0) release. Removing release.