Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 398159 (CVE-2012-0033) - <net-irc/znc-0.202-r1 : Denial of Service (CVE-2012-0033)
Summary: <net-irc/znc-0.202-r1 : Denial of Service (CVE-2012-0033)
Alias: CVE-2012-0033
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa]
Depends on:
Reported: 2012-01-08 15:57 UTC by Sean Amoss (RETIRED)
Modified: 2012-01-10 09:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sean Amoss (RETIRED) gentoo-dev Security 2012-01-08 15:57:26 UTC
From CVE request at $URL:

please assign a CVE ID to a DoS issue in the ZNC IRC bouncer.

I don't have a upstream reference, but the upstream patch applied 
by the Debian maintainer can be found here:
Comment 1 Agostino Sarubbo gentoo-dev 2012-01-08 16:11:50 UTC
from commit:

Affected ZNC versions: 0.200, 0.202.

probably here it should be ~3 ?
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-01-08 16:38:48 UTC
Indeed, 0.9.4 does not include bouncedcc module.
Comment 3 Alex Alexander (RETIRED) gentoo-dev 2012-01-08 18:20:18 UTC
patch applied in znc-0.202-r1
old ebuild removed.

upstream reference:

thanks :)
Comment 4 Alex Alexander (RETIRED) gentoo-dev 2012-01-08 18:29:57 UTC
real upstream reference:
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-01-08 19:07:45 UTC
Thanks, everyone. Closing noglsa since stable packages were not affected.