
Re: RfD: Preparing Debian 2.1r3



On Thu, Aug 19, 1999 at 04:43:29PM -0500, David Welton wrote:
> Are these epic4?  I think so, as I have no bugs similar to these filed
> against epic.  Maybe it is vulnerable though, could someone point me
> to these bugs (I don't see them in the bug tracking system), and how
> to reproduce them?

Yes they are.  The packages are epic4 and epic4-help, they apparently were
listed wrong in the message.

The advisory was posted to the ircii-epic list (I don't have the original).
All versions of epic4 prior to pre2.003 are vulnerable to the first
potential DoS which was discovered after pre2.003's release leading to the
fix information of "upgrade to pre2.003, it's more stable anyway", and
there was another found in pre2.003 which was patched---that patch is in
the .diff.gz...


If absolutely required, hop will provide another advisory about using
epic4pre2.003 or later with the patch if you want the ANSI parser to be
safe.  epic3's ANSI parser is also unsafe, but never was it claimed that
it was---it's a known bug in epic3.

-- 
Joseph Carter <knghtbrd@debian.org>             Debian GNU/Linux developer
GnuPG: 2048g/3F9C2A43 - 20F6 2261 F185 7A3E 79FC  44F9 8FF7 D7A3 DCF9 DAB3
PGP 2.6: 2048R/50BDA0ED - E8 D6 84 81 E3 A8 BB 77  8E E2 29 96 C9 44 5F BE
--------------------------------------------------------------------------
<xtifr> you don't have to be insane to work here....oh wait, yes you do!
        :)
