Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 09 Jan 2012 17:05:49 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>
Subject: Re: CVE request: znc

On 01/09/2012 04:59 AM, Henri Salo wrote:
> On Mon, Jan 09, 2012 at 01:17:33PM +0200, Henri Salo wrote:
>> On Sun, Jan 08, 2012 at 04:39:48PM +0100, Moritz Muehlenhoff wrote:
>>> Hi,
>>> please assign a CVE ID to a DoS issue in the ZNC IRC bouncer.
>>>
>>> I don't have a upstream reference, but the upstream patch applied 
>>> by the Debian maintainer can be found here:
>>>
>>> http://patch-tracker.debian.org/patch/series/view/znc/0.202-2/01-fix-bouncedcc-dos.diff 
>>> http://packages.qa.debian.org/z/znc/news/20120107T145601Z.html
>>>
>>> Cheers,
>>>         Moritz
>> Here is the changelog: http://wiki.znc.in/ChangeLog/0.202
>> This looks a bit like Debian-patch: https://github.com/znc/znc/commit/6ae491ca66e8f7d8c4fe3caca3adbe147c7e552c#modules/bouncedcc.cpp
> Correcting myself as Patrick Matthäi (Debian package maintainer) answered. Correct upstream patch is: https://github.com/znc/znc/commit/11508aa72efab4fad0dbd8292b9614d9371b20a9
>
> - Henri Salo
Please use CVE-2012-0033 for this issue.

-- 

-- Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ