inspircd: CVE-2012-1836 patch incomplete

To: debian-security@lists.debian.org
Subject: inspircd: CVE-2012-1836 patch incomplete
From: Guillaume Delacour <gui@iroqwa.org>
Date: Thu, 26 Mar 2015 01:24:58 +0100
Message-id: <[🔎] 1427329498.5022.12.camel@yamcha.kamehouse.iroqwa.org>

Hi,

One of upstream author of inspircd has reported [1] that the fix we
provide in the Debian package for CVE-2012-1836 is incomplete.

I've refreshed the patch 03_CVE-2012-1836.diff to integrate changes for
src/dns.cpp between 2.0.5 and 2.0.7 as suggested by upstream.

I've uploaded the version 2.0.5-1+deb7u1 on mentors [2] based on the
Debian developers reference guide [3].

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880
[2]:
http://mentors.debian.net/debian/pool/main/i/inspircd/inspircd_2.0.5-1
+deb7u1.dsc
[3]:
https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#bug-security

-- 
Guillaume Delacour <gui@iroqwa.org>

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: inspircd: CVE-2012-1836 patch incomplete
  - From: Guillaume Delacour <gui@iroqwa.org>

Prev by Date: Re: openjdk-7 security updates after JDK 7 End of Public Updates
Next by Date: Re: inspircd: CVE-2012-1836 patch incomplete
Previous by thread: [#1278]: [SECURITY] [DSA 3204-1] python-django security update
Next by thread: Re: inspircd: CVE-2012-1836 patch incomplete
Index(es):
- Date
- Thread