oss-security August 2010 archive

Re: [oss-security] Re: CVE Request - ZNC

From: Josh Bressers <bressers_at_nospam>
Date: Tue Aug 10 2010 - 21:34:10 GMT
To: oss-security@lists.openwall.com

Please use CVE-2010-2812 for the PING issue
Please use CVE-2010-2934 for the substr() issues.

Thanks.

--
JB

----- "Kurt Seifried" <kurt@seifried.org> wrote:

> Sorry forgot to mention it's version 0.092 (currently the latest) is
> affected.
>
> On Mon, Aug 9, 2010 at 5:36 PM, Kurt Seifried <kurt@seifried.org> wrote:
> > Vincent Danen      2010-08-09 17:44:43 EDT
> >
> > An out-of-range flaw was found in znc where if it received a "PING" from a
> > client without an argument, std::string would throw a std::out_of_range
> > exception which killed znc.  This is fixed in subversion [1].
> >
> > Some unsafe substr() calls were fixed as well.  These are of lesser impact
> > because a valid login is required in order to cause a std::out_of_range
> > exception.  This is also fixed in subversion [2].
> >
> > [1] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
> > [2] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095
> >
> > http://en.znc.in/wiki/ZNC
> > https://bugzilla.redhat.com/show_bug.cgi?id=622601
> > https://bugzilla.redhat.com/show_bug.cgi?id=622600
>
> --
> Kurt Seifried
> kurt@seifried.org
> tel: 1-703-879-3176
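
The bug class described in the quoted report, as an added example that is not part of the original message and is not ZNC's source: an unchecked `substr()` offset beside a length-checked form, plus a dispatch wrapper that contains the exception. The function names (`pong_unchecked`, `pong_checked`, `dispatch`) and the fixed 5-character `"PING "` offset are assumptions made for illustration.

```cpp
#include <cstdio>
#include <initializer_list>
#include <stdexcept>
#include <string>

// Hypothetical handler (not ZNC code): echoes whatever follows "PING ".
std::string pong_unchecked(const std::string& line) {
    // substr(pos) throws std::out_of_range when pos > line.size(),
    // which is the case for a bare "PING" (size 4, offset 5).
    return "PONG " + line.substr(5);
}

// Hardened form: confirm the prefix and that an argument exists
// before taking the offset.
std::string pong_checked(const std::string& line) {
    static const std::string prefix = "PING ";
    if (line.size() <= prefix.size() ||
        line.compare(0, prefix.size(), prefix) != 0)
        return "PONG";  // no argument supplied
    return "PONG " + line.substr(prefix.size());
}

enum class Outcome { Replied, OutOfRange };

// Second layer: catch the exception at the per-client dispatch boundary
// so malformed input from one connection cannot terminate the process.
template <typename Handler>
Outcome dispatch(Handler h, const std::string& line, std::string& reply) {
    try {
        reply = h(line);
        return Outcome::Replied;
    } catch (const std::out_of_range&) {
        reply.clear();
        return Outcome::OutOfRange;
    }
}

int main() {
    // Constructed inputs: a well-formed PING and one with no argument.
    for (const char* in : {"PING :12345", "PING"}) {
        std::string r;
        bool threw = dispatch(pong_unchecked, in, r) == Outcome::OutOfRange;
        std::printf("unchecked \"%s\": %s\n", in, threw ? "out_of_range" : r.c_str());
        dispatch(pong_checked, in, r);
        std::printf("checked   \"%s\": %s\n", in, r.c_str());
    }
    return 0;
}
```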