"Summary The pgsql module before v2.0.29 and v3.6.0 contains a use after free vulnerability. When combined with the sqlauth or sqloper modules this vulnerability can be used to remotely crash an InspIRCd server by any user able to connect to a server. Affected Versions This vulnerability is present in the following releases: All versions of v2 before v2.0.29 All versions of v3 before v3.6.0 Recommended Action This vulnerability is fixed in versions 2.0.29 and 3.6.0. It is strongly recommended that all affected users upgrade. If upgrading is not possible then the pgsql module should be unloaded."
Unable to check for sanity: > no match for package: net-irc/inspircd-3.8.0
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83567ff2355ef80076990e51cc58fcef2cdf1138 commit 83567ff2355ef80076990e51cc58fcef2cdf1138 Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-12-30 21:25:02 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-12-31 01:13:41 +0000 net-irc/inspircd: security cleanup (drop <3.8.1) Bug: https://bugs.gentoo.org/743205 Bug: https://bugs.gentoo.org/755851 Bug: https://bugs.gentoo.org/755854 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/18885 Signed-off-by: Sam James <sam@gentoo.org> net-irc/inspircd/Manifest | 2 - .../files/inspircd-2.0.27-fix-path-builds.patch | 257 ------------------- .../files/inspircd-3.4.0-fix-path-builds.patch | 271 --------------------- net-irc/inspircd/inspircd-2.0.29.ebuild | 115 --------- net-irc/inspircd/inspircd-3.4.0-r1.ebuild | 121 --------- 5 files changed, 766 deletions(-)