Re: inspircd: CVE-2012-1836 patch incomplete
On 2015-03-31, Guillaume Delacour <gui@iroqwa.org> wrote:
> Upstream confirm me that the fix is correct for this CVE. The
> package uploaded on mentors was not modified since my first mail and
> is ready for upload if anybody can/want upload it to stable.
I'm waiting for CVE assignments from MITRE, after which I can release
the DSA.
> In a second stage, upstream show me other [4] security related
> changes done between the actual 2.0.18 stable and the 2.0.5 shipped
> in wheezy. Upstream "strongly urge" me to take a look at these
> commits to evaluate the impact, maybe someone of the security team
> could help me and upstream to review the impact of them.
Would that be the commits from 2015-03-26, or others as well ?
Cheers,
--Seb
Reply to: