[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: inspircd: CVE-2012-1836 patch incomplete

On 2015-03-31, Guillaume Delacour <gui@iroqwa.org> wrote:
> Upstream confirm me that the fix is correct for this CVE.  The
> package uploaded on mentors was not modified since my first mail and
> is ready for upload if anybody can/want upload it to stable.

I'm waiting for CVE assignments from MITRE, after which I can release
the DSA.

> In a second stage, upstream show me other [4] security related
> changes done between the actual 2.0.18 stable and the 2.0.5 shipped
> in wheezy.  Upstream "strongly urge" me to take a look at these
> commits to evaluate the impact, maybe someone of the security team
> could help me and upstream to review the impact of them.

Would that be the commits from 2015-03-26, or others as well ?



Reply to: