[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE Request - ZNC
From:       Kurt Seifried <kurt () seifried ! org>
Date:       2010-08-09 23:38:59
Message-ID: AANLkTinOn79QjN4KXpyj+efyVtQo=kiZ2DmXa+nEtWEd () mail ! gmail ! com
[Download RAW message or body]

Sorry forgot to mention it's version 0.092 (currently the latest) is affected.

On Mon, Aug 9, 2010 at 5:36 PM, Kurt Seifried <kurt@seifried.org> wrote:
> Vincent Danen      2010-08-09 17:44:43 EDT
>
> An out-of-range flaw was found in znc where if it received a "PING" from a
> client without an argument, std::string would throw a std::out_of_range
> exception which killed znc.  This is fixed in subversion [1].
>
> Some unsafe substr() calls were fixed as well.  These are of lesser impact
> because a valid login is required in order to cause a std::out_of_range
> exception.  This is also fixed in subversion [2].
>
> [1] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
> [2] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095
>
> http://en.znc.in/wiki/ZNC
> https://bugzilla.redhat.com/show_bug.cgi?id=622601
> https://bugzilla.redhat.com/show_bug.cgi?id=622600
>
>


-- 
Kurt Seifried
kurt@seifried.org
tel: 1-703-879-3176

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic