[PKG-IRC-Maintainers] Bug#572563: Bug#572563: CVE-2009-4652: Denial of service through MOTD
Moritz Muehlenhoff
jmm at inutil.org
Thu Mar 4 22:47:08 UTC 2010
On Thu, Mar 04, 2010 at 11:00:30PM +0100, Christoph Biedl wrote:
> Moritz Muehlenhoff wrote...
>
> > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4652
> > for patches.
>
> According to that page this affects only versions 13 and 14, and only
> if TLS is enabled.
The CVE writeups are usually written without in-depth investigation,
their information on affected versions shouldn't be trusted without
checking the code. I didn't look into details, I just file bugs for a
bunch of new security issues.
> Currently there's 0.12.1 in Debian, and without TLS support. You
> might want to close that bug report.
I'll leave that to the maintainers/adopters.
Cheers,
Moritz
More information about the Pkg-irc-maintainers
mailing list