Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 5 Sep 2016 17:26:06 -0500
From: William Pitcock <>
To: "" <>
Subject: Re: CVE ID request: certificate spoofing through
 crafted SASL message in inspircd, charybdis


UnrealIRCd is also affected:

As is Nefarious:


On Sun, Sep 4, 2016 at 4:45 PM, Antoine Beaupré <> wrote:
> inspircd published 2.0.23 that fixes an issue with SASL
> authentication. The details are here:
> All versions are affected.
> Upstream hasn't requested a CVE yet. I told them I would request one
> from here on IRC.
> It seems to also affect Charybdis, which fixed the issue in the
> upcoming 3.5.3 release:
> A.
> --
> All governments are run by liars and nothing they say should be
> believed.
>                        - I. F. Stone

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.