Re: inspircd: CVE-2012-1836 patch incomplete

To: debian-security@lists.debian.org
Subject: Re: inspircd: CVE-2012-1836 patch incomplete
From: Sébastien Delafond <seb@debian.org>
Date: Wed, 1 Apr 2015 10:24:42 +0000 (UTC)
Message-id: <[🔎] 20150401122219.313@usenet.piggo.com>
References: <1427329498.5022.12.camel@yamcha.kamehouse.iroqwa.org> <1427333035.5022.18.camel@yamcha.kamehouse.iroqwa.org> <1427836744.23831.11.camel@yamcha.kamehouse.iroqwa.org>

On 2015-03-31, Guillaume Delacour <gui@iroqwa.org> wrote:
> Upstream confirm me that the fix is correct for this CVE.  The
> package uploaded on mentors was not modified since my first mail and
> is ready for upload if anybody can/want upload it to stable.

I'm waiting for CVE assignments from MITRE, after which I can release
the DSA.

> In a second stage, upstream show me other [4] security related
> changes done between the actual 2.0.18 stable and the 2.0.5 shipped
> in wheezy.  Upstream "strongly urge" me to take a look at these
> commits to evaluate the impact, maybe someone of the security team
> could help me and upstream to review the impact of them.

Would that be the commits from 2015-03-26, or others as well ?

Cheers,

--Seb

Reply to:

Next by Date: Re: https://wiki.debian.org/LTS/Using => broken?
Next by thread: Re: https://wiki.debian.org/LTS/Using => broken?
Index(es):
- Date
- Thread