* CVE-2019-20917 Description: "An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. " Links: https://docs.inspircd.org/security/2019-02/ https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 https://github.com/inspircd/inspircd/commit/8745660fcdac7c1b80c94cfc0ff60928cd4dd4b7 * CVE-2019-20918 Description: "An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server." Links: https://docs.inspircd.org/security/2019-01/ https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 * CVE-2020-25269 Description: "An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server." Links: https://docs.inspircd.org/security/2020-01/ https://github.com/inspircd/inspircd/compare/426d1c8...b3f1db9 https://github.com/inspircd/inspircd/compare/v2.0.28...07d7dea
These bugs are resolved in tree but this is for possible GLSA purposes. No need for maintainer action.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83567ff2355ef80076990e51cc58fcef2cdf1138 commit 83567ff2355ef80076990e51cc58fcef2cdf1138 Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-12-30 21:25:02 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-12-31 01:13:41 +0000 net-irc/inspircd: security cleanup (drop <3.8.1) Bug: https://bugs.gentoo.org/743205 Bug: https://bugs.gentoo.org/755851 Bug: https://bugs.gentoo.org/755854 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/18885 Signed-off-by: Sam James <sam@gentoo.org> net-irc/inspircd/Manifest | 2 - .../files/inspircd-2.0.27-fix-path-builds.patch | 257 ------------------- .../files/inspircd-3.4.0-fix-path-builds.patch | 271 --------------------- net-irc/inspircd/inspircd-2.0.29.ebuild | 115 --------- net-irc/inspircd/inspircd-3.4.0-r1.ebuild | 121 --------- 5 files changed, 766 deletions(-)