oss-sec mailing list archives

Re: CVE request: 2 issues in inspircd

From: Moritz Mühlenhoff <jmm () inutil org>
Date: Sat, 15 Aug 2015 13:52:45 +0200

On Wed, Apr 15, 2015 at 07:22:01PM +0200, Salvatore Bonaccorso wrote:

Hi,

On Sun, Mar 29, 2015 at 02:20:44PM +0200, Sébastien Delafond wrote:

Hi,

the Debian Security Team is requesting 2 CVEs for inspircd.

  * the fix that was included in Debian for CVE-2012-1836 is incomplete,
    and does not solve the original remote code execution problem. See:

      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880#5

  * a DoS can be triggered by invalid DNS packets. See:

      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880#5
      https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423


For reference, this has been fixed via DSA-3226-1 in Debian:
https://lists.debian.org/debian-security-announce/2015/msg00114.html


*ping*

These never ended up in CVE assignments.

Cheers,
        Moritz

Current thread:

Re: CVE request: 2 issues in inspircd Moritz Mühlenhoff (Aug 15)
- <Possible follow-ups>
- Re: CVE request: 2 issues in inspircd cve-assign (Aug 25)