
Bug#697384: unblock: charybdis/3.3.0-7.1



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package charybdis

Version 3.3.0-7.1 contains just one additional patch fixing
the vulnerability CVE-2012-6084 [1]. I am attaching the
debdiff.

Cheers,

Adrian

> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697092

unblock charybdis/3.3.0-7.1

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru charybdis-3.3.0/debian/changelog charybdis-3.3.0-CVE-2012-6084/debian/changelog
--- charybdis-3.3.0/debian/changelog	2011-11-30 00:17:54.000000000 +0100
+++ charybdis-3.3.0-CVE-2012-6084/debian/changelog	2013-01-02 20:58:33.748765147 +0100
@@ -1,3 +1,11 @@
+charybdis (3.3.0-7.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix remote denial of service vulnerability
+    CVE-2012-6084 (Closes: #697092).
+
+ -- John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>  Wed, 02 Jan 2013 20:57:36 +0100
+
 charybdis (3.3.0-7) unstable; urgency=low
 
   * patch: default NICKLEN to 30 to fit a commonly used value and the new
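Review bot: The new changelog entry sets urgency=low while its own text describes the fix as a remote denial of service vulnerability (CVE-2012-6084); consider raising the urgency so it matches the severity stated in the entry. The entry could also name the added file, debian/patches/CVE-2012-6084.patch, so that someone reading only the changelog can find the change.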
diff -Nru charybdis-3.3.0/debian/patches/CVE-2012-6084.patch charybdis-3.3.0-CVE-2012-6084/debian/patches/CVE-2012-6084.patch
--- charybdis-3.3.0/debian/patches/CVE-2012-6084.patch	1970-01-01 01:00:00.000000000 +0100
+++ charybdis-3.3.0-CVE-2012-6084/debian/patches/CVE-2012-6084.patch	2013-01-02 20:57:08.790958689 +0100
@@ -0,0 +1,26 @@
+From ac0707aa61d9c20e9b09062294701567c9f41595 Mon Sep 17 00:00:00 2001
+From: William Pitcock <nenolod@dereferenced.org>
+Date: Mon, 31 Dec 2012 13:13:05 -0600
+Subject: [PATCH] m_capab: fix a possible remote crash triggered by the CAPAB
+ parsing code.
+
+---
+ modules/m_capab.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/m_capab.c b/modules/m_capab.c
+index 54e9a53..b03fb3f 100644
+--- a/modules/m_capab.c
++++ b/modules/m_capab.c
+@@ -38,7 +38,7 @@
+ 
+ struct Message capab_msgtab = {
+ 	"CAPAB", 0, 0, 0, MFLG_SLOW | MFLG_UNREG,
+-	{{mr_capab, 0}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore}
++	{{mr_capab, 2}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore}
+ };
+ struct Message gcap_msgtab = {
+ 	"GCAP", 0, 0, 0, MFLG_SLOW,
+-- 
+1.7.10
+
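Review bot: The patch header does not say why changing the second field of the CAPAB handler entry from 0 to 2, as in "{mr_capab, 2}", prevents the crash, and it carries no Origin or Bug-Debian fields. Add a short description of what that field controls and what kind of CAPAB input triggered the crash, plus DEP-3 style headers referring to upstream commit ac0707aa61d9c20e9b09062294701567c9f41595 and bug #697092. The context also ends before the handler table of gcap_msgtab, so it is worth confirming separately that GCAP does not need the same change.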
diff -Nru charybdis-3.3.0/debian/patches/series charybdis-3.3.0-CVE-2012-6084/debian/patches/series
--- charybdis-3.3.0/debian/patches/series	2011-11-30 00:17:54.000000000 +0100
+++ charybdis-3.3.0-CVE-2012-6084/debian/patches/series	2013-01-02 20:57:31.618369271 +0100
@@ -5,3 +5,4 @@
 no-rpath
 cleanup-bandb-properly
 default_nicklen
+CVE-2012-6084.patch
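Review bot: The added series entry CVE-2012-6084.patch carries a .patch suffix, while the existing entries visible in the context (no-rpath, cleanup-bandb-properly, default_nicklen) have none. For consistency the file could be named CVE-2012-6084 in both debian/patches and the series file.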
