oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: 2 issues in inspircd

From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 15 Apr 2015 19:22:01 +0200
Hi,

On Sun, Mar 29, 2015 at 02:20:44PM +0200, Sébastien Delafond wrote:

Hi,

the Debian Security Team is requesting 2 CVEs for inspircd.

  * the fix that was included in Debian for CVE-2012-1836 is incomplete,
    and does not solve the original remote code execution problem. See:

      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880#5

  * a DoS can be triggered by invalid DNS packets. See:

      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880#5
      https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423


For reference, this has been fixed via DSA-3226-1 in Debian:
https://lists.debian.org/debian-security-announce/2015/msg00114.html

Regards,
Salvatore
Previous By Date Next
Previous By Thread Next

Current thread: