
Re: inspircd: CVE-2012-1836 patch incomplete



On Thursday 26 March 2015 at 01:24 +0100, Guillaume Delacour wrote:
> Hi,
> 
> One of the upstream authors of inspircd has reported [1] that the fix we
> provide in the Debian package for CVE-2012-1836 is incomplete.
> 
> I've refreshed the patch 03_CVE-2012-1836.diff to integrate changes for
> src/dns.cpp between 2.0.5 and 2.0.7 as suggested by upstream.
> 
> I've uploaded the version 2.0.5-1+deb7u1 on mentors [2] based on the
> Debian developers reference guide [3].

I'm sorry, but upstream needs a bit more time to be sure that the patch
I've made (by importing src/dns.cpp from a newer version as he
suggested) will be sufficient and won't break anything.

I'll give feedback when upstream and I are sure that the fix (and the
reproducibility of the crash with an exploit) is the right one.

> 
> [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880
> [2]: http://mentors.debian.net/debian/pool/main/i/inspircd/inspircd_2.0.5-1+deb7u1.dsc
> [3]: https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#bug-security
> 

Attachment: signature.asc
Description: This is a digitally signed message part

