[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE Request - ZNC
From: Kurt Seifried <kurt () seifried ! org>
Date: 2010-08-09 23:36:27
Message-ID: AANLkTi=kpBvQUdJg6ixLA=uspsxSq7qY62xZrt3nqmzM () mail ! gmail ! com
[Download RAW message or body]
Vincent Danen 2010-08-09 17:44:43 EDT
An out-of-range flaw was found in znc where if it received a "PING" from a
client without an argument, std::string would throw a std::out_of_range
exception which killed znc. This is fixed in subversion [1].
Some unsafe substr() calls were fixed as well. These are of lesser impact
because a valid login is required in order to cause a std::out_of_range
exception. This is also fixed in subversion [2].
[1] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
[2] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095
http://en.znc.in/wiki/ZNC
https://bugzilla.redhat.com/show_bug.cgi?id=622601
https://bugzilla.redhat.com/show_bug.cgi?id=622600
--
Kurt Seifried
kurt@seifried.org
tel: 1-703-879-3176
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic