List: oss-security
Subject: Re: [oss-security] Re: CVE Request - ZNC
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-08-10 21:34:10
Message-ID: 1166278498.1082231281476050522.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Please use CVE-2010-2812 for the PING issue.
Please use CVE-2010-2934 for the substr() issues.
Thanks.
--
JB
----- "Kurt Seifried" <kurt@seifried.org> wrote:
> Sorry, forgot to mention it's version 0.092 (currently the latest) that is
> affected.
>
> On Mon, Aug 9, 2010 at 5:36 PM, Kurt Seifried <kurt@seifried.org> wrote:
> > Vincent Danen 2010-08-09 17:44:43 EDT
> >
> > An out-of-range flaw was found in znc where if it received a "PING" from a
> > client without an argument, std::string would throw a std::out_of_range
> > exception which killed znc. This is fixed in subversion [1].
> >
> > Some unsafe substr() calls were fixed as well. These are of lesser impact
> > because a valid login is required in order to cause a std::out_of_range
> > exception. This is also fixed in subversion [2].
> >
> > [1] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
> > [2] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095
> >
> > http://en.znc.in/wiki/ZNC
> > https://bugzilla.redhat.com/show_bug.cgi?id=622601
> > https://bugzilla.redhat.com/show_bug.cgi?id=622600
>
> --
> Kurt Seifried
> kurt@seifried.org
> tel: 1-703-879-3176
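
Added example, not part of the original thread and not ZNC's code: a minimal illustration of the failure class described in the quoted report, where slicing a client line with substr() at a fixed offset throws std::out_of_range on a bare "PING", shown next to a length-checked form. The function names, the offset of 5 and the sample lines are assumptions made for the illustration.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical handler, not ZNC's code: assumes the argument starts at
// offset 5, right after "PING ". std::string::substr(pos) throws
// std::out_of_range when pos > size(), so the bare 4-byte line "PING" throws.
std::string ping_arg_unchecked(const std::string& line) {
    return line.substr(5);
}

// Hardened form: verify prefix and length before slicing; a line with no
// argument yields an empty string instead of an exception.
std::string ping_arg_checked(const std::string& line) {
    static const std::string prefix = "PING ";
    if (line.size() <= prefix.size() ||
        line.compare(0, prefix.size(), prefix) != 0) {
        return std::string();
    }
    return line.substr(prefix.size());
}

// Reports whether the unchecked variant throws for a given line. In a daemon
// with no handler on the call path, that exception reaches std::terminate.
bool unchecked_throws(const std::string& line) {
    try {
        ping_arg_unchecked(line);
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

int main() {
    // Constructed sample lines, not captured traffic.
    const std::string samples[] = {"PING :irc.example.net", "PING ", "PING"};
    for (const std::string& s : samples) {
        std::cout << '"' << s << "\" unchecked throws: " << std::boolalpha
                  << unchecked_throws(s) << ", checked arg: \""
                  << ping_arg_checked(s) << "\"\n";
    }
    return 0;
}
```

Note that "PING " (with the trailing space) does not throw in the unchecked form, because substr() accepts pos == size(); only the shorter line does.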