oss-sec mailing list archives
Re: Re: CVE Request - ZNC
From: Josh Bressers <bressers () redhat com>
Date: Tue, 10 Aug 2010 17:34:10 -0400 (EDT)
Please use CVE-2010-2812 for the PING issue
Please use CVE-2010-2934 for the substr() issues.

Thanks.

--
JB

----- "Kurt Seifried" <kurt () seifried org> wrote:

Sorry forgot to mention it's version 0.092 (currently the latest) is affected.

On Mon, Aug 9, 2010 at 5:36 PM, Kurt Seifried <kurt () seifried org> wrote:

Vincent Danen 2010-08-09 17:44:43 EDT

An out-of-range flaw was found in znc where if it received a "PING" from a client without an argument, std::string would throw a std::out_of_range exception which killed znc. This is fixed in subversion [1].

Some unsafe substr() calls were fixed as well. These are of lesser impact because a valid login is required in order to cause a std::out_of_range exception. This is also fixed in subversion [2].

[1] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
[2] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095

http://en.znc.in/wiki/ZNC
https://bugzilla.redhat.com/show_bug.cgi?id=622601
https://bugzilla.redhat.com/show_bug.cgi?id=622600

--
Kurt Seifried
kurt () seifried org
tel: 1-703-879-3176
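Added example, not part of the original thread and not ZNC's own code: a minimal C++ sketch of the failure class the quoted report describes, where std::string::substr() is called at a fixed offset on a "PING" line that carries no argument, shown beside a length-checked form. The handler names and the offset of 5 are assumptions made for illustration.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical handler (assumption): treats every line as "PING <arg>" and
// slices the argument off at a fixed offset without checking the length.
std::string pong_unchecked(const std::string& line) {
    // substr(pos) throws std::out_of_range when pos > line.size().
    // A bare "PING" has size 4, so pos 5 is out of range.
    return "PONG " + line.substr(5);
}

// Hardened form: confirm the prefix and that an argument follows it before
// slicing; a missing argument produces a reply with no argument.
std::string pong_checked(const std::string& line) {
    static const std::string prefix = "PING ";
    if (line.size() <= prefix.size() ||
        line.compare(0, prefix.size(), prefix) != 0) {
        return "PONG";
    }
    return "PONG " + line.substr(prefix.size());
}

// Reports whether std::out_of_range escapes the handler. In a daemon with no
// catch around the handler, the escaping exception ends in std::terminate().
bool escapes_with_out_of_range(std::string (*handler)(const std::string&),
                               const std::string& line) {
    try {
        handler(line);
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

int main() {
    // Constructed sample lines: with argument, trailing space only, bare.
    const char* samples[] = {"PING :irc.example.net", "PING ", "PING"};
    for (const char* s : samples) {
        std::cout << '"' << s << "\" unchecked throws: "
                  << escapes_with_out_of_range(pong_unchecked, s)
                  << ", checked throws: "
                  << escapes_with_out_of_range(pong_checked, s) << '\n';
    }
    return 0;
}
```

Note that "PING " with a trailing space does not throw in the unchecked form, because substr() accepts an offset equal to the string's size; only the bare command does.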