[PKG-IRC-Maintainers] ngircd remote exploit, 2nd time...

Andreas Barth aba at not.so.argh.org
Fri Jan 18 10:52:50 UTC 2008


* Thijs Kinkhorst (thijs at debian.org) [080118 11:47]:
> On Thu, January 17, 2008 21:49, Mario Iseli wrote:
> > I got in contact with you at the end of November 2007 because of
> > CVE-2007-6034 and CVE-2007-6062, the answer was that the bug isn't
> > interesting enough. Now, two days ago - there was a new security bug
> > (CVE-2008-0285 aka #461067). This one is remotely exploitable as well. So
> > - what now? Don't you find it a good idea to proceed now with an
> > official security upload? I already did it for unstable and I'd have a fix
> > for Etch ready too. Please get in contact with me soon, otherwise I will
> > look with Andreas Barth that it will be included in the next Etch
> > point-release.
> 
> If you can show me the proposed packages or debdiff I can judge if this
> would be suitable for stable. If we can fix two remote crashes in one
> DSA it may be worth it, if the patch is sufficiently uncomplicated.
> 
> I'm tracking this in RT # 473

We already have some fixes in proposed-updates, and I'll make sure
tonight / tomorrow together with Mario that we'll get a new working
package that fixes all that's still open.


Cheers,
Andi
-- 
  http://home.arcor.de/andreas-barth/


