Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 2 May 2016 19:14:58 +0200
From: Max Teufel <max@...felsnetz.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: atheme: security fixes

Hi,

Multiple security issues were found in Atheme, an IRC services package,
which will be fixed in the upcoming 7.2.7 release. Could CVEs be
assigned to the issues summarized below?

Fix:
https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b
Description: A remote attacker could change Atheme's behavior by
registering/dropping certain accounts/nicks.
Reference: https://github.com/atheme/atheme/issues/397

Fix:
https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
Description: Under certain circumstances, a remote attacker could cause
denial of service due to a buffer overflow in the XMLRPC response
encoding code.

Regards,
Max Teufel

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.