Date: Sun, 04 Sep 2016 17:45:03 -0400 From: anarcat@...ian.org (Antoine Beaupré) To: oss-security@...ts.openwall.com Subject: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis inspircd published 2.0.23 that fixes an issue with SASL authentication. The details are here: http://www.inspircd.org/2016/09/03/v2023-released.html All versions are affected. Upstream hasn't requested a CVE yet. I told them I would request one from here on IRC. It seems to also affect Charybdis, which fixed the issue in the upcoming 3.5.3 release: https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824 A. -- All governments are run by liars and nothing they say should be believed. - I. F. Stone
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.