Hello,
Currently three versions of InspIRCd are packaged by Gentoo: 3.8.1 (latest), 3.4.0, and 2.0.29. Would it be possible for you to remove the old packages for 3.4.0 and 2.0.29? InspIRCd v2 support ends at the end of 2020 (approx 29 hours from now at the time of filing) and 3.4.0 contains an unpatched security vulnerability so these versions are not really suitable for use anymore.
Thanks,
~Sadie
Thank you for reporting, do you have a link to the vulnerability? I could not find it upstream.
(In reply to Jonas Stein from comment #1)
> Thank you for reporting, do you have a link to the vulnerability? I could
> not find it upstream.
Use after free vulnerability in the pgsql module (2020-01): https://docs.inspircd.org/security/2020-01/
Double free vulnerability in the websocket module (2020-02): https://docs.inspircd.org/security/2020-01/
This all appears to be covered by the inspircd we already have, and those bugs will necessitate cleanup too. No need for a separate bug for cleanup. Thank you for your attentiveness, in any case.
*** This bug has been marked as a duplicate of bug 755854 ***
They’ll be cleaned up shortly, thank you! (I’m not at a shell or I’d do it now). Note that while they do need cleaning up, they’re shadowed by newer stable versions (green on packages.gentoo.org) so _shouldn’t_ be installed anyway unless someone goes out of their way to.
(In reply to Sam James from comment #4)
> Note that while they do need cleaning up, they’re shadowed by newer stable
> versions (green on packages.gentoo.org) so _shouldn’t_ be installed anyway
> unless someone goes out of their way to.
I wouldn't be surprised if someone is still clinging to v2 due to the configuration changes (I did for a while myself, but that was years ago and migrated since), but yeah it's really time to move on.
> I wouldn't be surprised if someone is still clinging to v2 due to the configuration changes (I did for a while myself, but that was years ago and migrated since), but yeah it's really time to move on.
I was waiting to remove v2 until it had hit EoL, but this is close enough.