Bug#986214: marked as done (ircii: CVE-2021-29376)
Your message dated Mon, 12 Apr 2021 02:48:38 +0000
with message-id <E1lVmcw-0003tD-GJ@fasolo.debian.org>
and subject line Bug#986214: fixed in ircii 20210314-1
has caused the Debian Bug report #986214,
regarding ircii: CVE-2021-29376
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
986214: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986214
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ircii: CVE-2021-29376
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Wed, 31 Mar 2021 20:59:17 +0200
- Message-id: <161721715753.22169.4947676749574017231.reportbug@eldamar.lan>
Source: ircii
Version: 20190117-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:scrollz 2.2.3-1
Control: retitle -2 scrollz: CVE-2021-29376
The following vulnerability was published for ircii.
CVE-2021-29376[0]:
| ircII before 20210314 allows remote attackers to cause a denial of
| service (segmentation fault and client crash, disconnecting the victim
| from an IRC server) via a crafted CTCP UTC message.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-29376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29376
[1] https://www.openwall.com/lists/oss-security/2021/03/24/2
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ircii
Source-Version: 20210314-1
Done: Daniel Echeverri <epsilon@debian.org>
We believe that the bug you reported is fixed in the latest version of
ircii, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 986214@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Echeverri <epsilon@debian.org> (supplier of updated ircii package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 11 Apr 2021 11:19:42 -0500
Source: ircii
Architecture: source
Version: 20210314-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Daniel Echeverri <epsilon@debian.org>
Closes: 986214
Changes:
ircii (20210314-1) unstable; urgency=medium
.
* QA Upload.
[ Debian Janitor ]
* Set debhelper-compat version in Build-Depends.
* Changes Urgency by urgency in changelog file.
.
* New upstream release.
Fix (CVE-2021-29376). (Closes: #986214).
* debian/control
+ Bump Standards-Version to 4.5.1. (no changes).
+ Bump Debhelper-compat to 13.
+ Add Rules-Requires-Root: no.
* debian/patches
+ Refresh:
+ 0008-fix-spelling-error.diff
+ 0003-Add-ioption-to-local-include-paths-so-they-do-not-co.patch
+ 0004-absolute-path-for-motd-and-servers-file-and-other-de.patch
+ 0006-fix-some-spelling-errors.patch
* debian/rules
+ Remove --as-needed linker flag.
* debian/watch
+ Update to version 4.
* Update copyright file.
Checksums-Sha1:
4eebf6a38114f577a8830489222b0cd21f5b12f8 1876 ircii_20210314-1.dsc
61830abe36ab02343862e296b858a3612aeb6a8a 590626 ircii_20210314.orig.tar.bz2
bfb91cadfc2bb65fa00ac3938b03e736ed7ba982 11980 ircii_20210314-1.debian.tar.xz
d1090d17bd072de1e233a8f4f0fb619ee930d71d 6151 ircii_20210314-1_amd64.buildinfo
Checksums-Sha256:
812344c368f732eaa9a2d8564e3bed0f9e4b93a6702224b261f2e006b30f1cdf 1876 ircii_20210314-1.dsc
866f2b847daed3d70859f208f7cb0f20b58c0933b2159f7ff92a68c518d393a9 590626 ircii_20210314.orig.tar.bz2
a298e1102f29fb8d22e9eb208fa91f16eb99fee947d40ce09cfdea5a99ecaddc 11980 ircii_20210314-1.debian.tar.xz
c67e32ffc7e96feae5dc87fa541a052163ec4e8599ac508f7cb0e11ace2be850 6151 ircii_20210314-1_amd64.buildinfo
Files:
e561396550a509703be19415eb240e60 1876 net optional ircii_20210314-1.dsc
56dcc36000616d9594521130e8666524 590626 net optional ircii_20210314.orig.tar.bz2
dd208173ce46e9e6516b6f9840ae6d05 11980 net optional ircii_20210314-1.debian.tar.xz
afe736ef2973ed4e8be5379c6199272a 6151 net optional ircii_20210314-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEE0NCFsWnDv9lASFj6IfwpUEtSMNsFAmBzsccTHGVwc2lsb25A
ZGViaWFuLm9yZwAKCRAh/ClQS1Iw2xXyD/4hrhWG64vDUQvhvLbBM2iT/ZVMw6W8
r01sorEZ+3nUHwd+IKwoFZRNaZiKPJYN0FFYPYismOVGg4nrJr83IMAc+Hcv2qJ+
4KhcFsdSnA08Zbzg1St9KOhdViUwkf1tjwDEccHWY04nuKjto0V/U8cy7oXhejj3
iJUo1NCCdPQWBjvMwuF+o+FDy9T6tgpJFPrR38697PmN0cdo8nfq2gvrG1j4oimk
Z1bCjm/tmp9zXVkigHW7hRh+SpUtaLfiTc7XFg66523Y3M9BrQdf3DnqMvbLD3D1
WgfTDYjWyn5/uMyhloV5zx10bGxuVA76oVwP/rpzh5fQIJ/WVsCMTWPvzZada3+S
EjHj/uEtejeSFpvni7gyr7nmJFgo63I+gEo9taJW3R+ty2cVfMpVVT6K2+sQxhnl
3XT3BXC+ZEmEw2W9lteHhdHgngMX32i5L/dWWh8+IkLI0nuhLmWzqrMb5S7HN5Ua
IQRGYk4yLHRGTR4IpbSv/abJxQT2BQbXbWiX0qhdLG8V6Obn+pq15GcLKMpKAJAK
R5/Y8UPXRjkVTN7xVqAkNZrPYRtysXLd5EBJECGjXf1lGn9ico6LHqyG7hOBgIqj
coxit9SO/laM2L0y1sVoPswiZLXXsBhreyo0UqCMUhNePSuA2njjNPAPXSiEdVp+
opUVB80VPQqJbw==
=M/uv
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: