Date: Sat, 15 Aug 2015 13:52:45 +0200 From: Moritz Mühlenhoff <jmm@...til.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: CVE request: 2 issues in inspircd On Wed, Apr 15, 2015 at 07:22:01PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Sun, Mar 29, 2015 at 02:20:44PM +0200, Sébastien Delafond wrote: > > Hi, > > > > the Debian Security Team is requesting 2 CVEs for inspircd. > > > > * the fix that was included in Debian for CVE-2012-1836 is incomplete, > > and does not solve the original remote code execution problem. See: > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880#5 > > > > * a DoS can be triggered by invalid DNS packets. See: > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880#5 > > https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423 > > For reference, this has been fixed via DSA-3226-1 in Debian: > https://lists.debian.org/debian-security-announce/2015/msg00114.html *ping* These never ended up in CVE assignments. Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ