Date: Mon, 5 Sep 2016 17:26:06 -0500 From: William Pitcock <nenolod@...eferenced.org> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis Hello, UnrealIRCd is also affected: https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766 As is Nefarious: https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5 William On Sun, Sep 4, 2016 at 4:45 PM, Antoine Beaupré <anarcat@...ian.org> wrote: > inspircd published 2.0.23 that fixes an issue with SASL > authentication. The details are here: > > http://www.inspircd.org/2016/09/03/v2023-released.html > > All versions are affected. > > Upstream hasn't requested a CVE yet. I told them I would request one > from here on IRC. > > It seems to also affect Charybdis, which fixed the issue in the > upcoming 3.5.3 release: > > https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824 > > A. > > -- > All governments are run by liars and nothing they say should be > believed. > - I. F. Stone
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.