Date: Tue, 10 Aug 2010 17:34:10 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: Re: CVE Request - ZNC Please use CVE-2010-2812 for the PING issue Please use CVE-2010-2934 for the substr() issues. Thanks. -- JB ----- "Kurt Seifried" <kurt@...fried.org> wrote: > Sorry forgot to mention it's version 0.092 (currently the latest) is > affected. > > On Mon, Aug 9, 2010 at 5:36 PM, Kurt Seifried <kurt@...fried.org> > wrote: > > Vincent Danen 2010-08-09 17:44:43 EDT > > > > An out-of-range flaw was found in znc where if it received a "PING" > from a > > client without an argument, std::string would throw a > std::out_of_range > > exception which killed znc. This is fixed in subversion . > > > > Some unsafe substr() calls were fixed as well. These are of lesser > impact > > because a valid login is required in order to cause a > std::out_of_range > > exception. This is also fixed in subversion . > > > >  > http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093 > >  > http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095 > > > > http://en.znc.in/wiki/ZNC > > https://bugzilla.redhat.com/show_bug.cgi?id=622601 > > https://bugzilla.redhat.com/show_bug.cgi?id=622600 > > > > > > > -- > Kurt Seifried > kurt@...fried.org > tel: 1-703-879-3176
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.