CVE-2010-2812 and CVE-2010-2934


Debian Bug report logs - #599708
CVE-2010-2812 and CVE-2010-2934


Package: znc; Maintainer for znc is Patrick Matthäi <pmatthaei@debian.org>; Source for znc is src:znc (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sun, 10 Oct 2010 11:21:05 UTC

Severity: grave

Tags: security

Fixed in version 0.092-2

Done: Moritz Muehlenhoff <jmm@inutil.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Patrick Matthäi <pmatthaei@debian.org>:
Bug#599708; Package znc. (Sun, 10 Oct 2010 11:21:08 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Patrick Matthäi <pmatthaei@debian.org>. (Sun, 10 Oct 2010 11:21:08 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-2812 and CVE-2010-2934
Date: Sun, 10 Oct 2010 13:19:11 +0200
Package: znc
Severity: grave
Tags: security

CVE-2010-2812 and CVE-2010-2934 are currently only
fixed in experimental, but not sid and Squeeze. The
Red Hat bug contains references to the patches:
https://bugzilla.redhat.com/show_bug.cgi?id=622600

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages znc depends on:
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib
ii  libgcc1                       1:4.4.4-9  GCC support library
ii  libperl5.10                   5.10.1-14  shared Perl library
ii  libssl0.9.8                   0.9.8o-1   SSL shared libraries
ii  libstdc++6                    4.4.4-9    The GNU Standard C++ Library v3

znc recommends no packages.

znc suggests no packages.




Information forwarded to debian-bugs-dist@lists.debian.org, Patrick Matthäi <pmatthaei@debian.org>:
Bug#599708; Package znc. (Sun, 10 Oct 2010 11:36:07 GMT)


Acknowledgement sent to pmatthaei@debian.org:
Extra info received and forwarded to list. Copy sent to Patrick Matthäi <pmatthaei@debian.org>. (Sun, 10 Oct 2010 11:36:07 GMT)


Message #10 received at 599708@bugs.debian.org:

From: Patrick Matthäi <pmatthaei@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 599708@bugs.debian.org
Subject: Re: Bug#599708: CVE-2010-2812 and CVE-2010-2934
Date: Sun, 10 Oct 2010 13:30:39 +0200
Hm?
This has been patched since 0.092-2 with 01-out-of-range-error.diff.
At the time I patched it, there was no CVE ID available.

On 10.10.2010 13:19, Moritz Muehlenhoff wrote:
> Package: znc
> Severity: grave
> Tags: security
>
> CVE-2010-2812 and CVE-2010-2934 are currently only
> fixed in experimental, but not sid and Squeeze. The
> Red Hat bug contains references to the patches:
> https://bugzilla.redhat.com/show_bug.cgi?id=622600
>
> Cheers,
>          Moritz
>
> -- System Information:
> Debian Release: squeeze/sid
>    APT prefers unstable
>    APT policy: (500, 'unstable')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
> Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages znc depends on:
> ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib
> ii  libgcc1                       1:4.4.4-9  GCC support library
> ii  libperl5.10                   5.10.1-14  shared Perl library
> ii  libssl0.9.8                   0.9.8o-1   SSL shared libraries
> ii  libstdc++6                    4.4.4-9    The GNU Standard C++ Library v3
>
> znc recommends no packages.
>
> znc suggests no packages.
>
>





Information forwarded to debian-bugs-dist@lists.debian.org, Patrick Matthäi <pmatthaei@debian.org>:
Bug#599708; Package znc. (Sun, 10 Oct 2010 12:00:10 GMT)


Acknowledgement sent to Uli Schlachter <psychon@znc.in>:
Extra info received and forwarded to list. Copy sent to Patrick Matthäi <pmatthaei@debian.org>. (Sun, 10 Oct 2010 12:00:10 GMT)


Message #15 received at 599708@bugs.debian.org:

From: Uli Schlachter <psychon@znc.in>
To: Moritz Muehlenhoff <jmm@debian.org>, 599708@bugs.debian.org
Subject: Re: Bug#599708: CVE-2010-2812 and CVE-2010-2934
Date: Sun, 10 Oct 2010 13:47:21 +0200

On 10.10.2010 13:19, Moritz Muehlenhoff wrote:
> Package: znc
> Severity: grave
> Tags: security
> 
> CVE-2010-2812 and CVE-2010-2934 are currently only
> fixed in experimental, but not sid and Squeeze. The
> Red Hat bug contains references to the patches:
> https://bugzilla.redhat.com/show_bug.cgi?id=622600
> 
> Cheers,
>         Moritz

From a quick look at the source package, the included patch
"01-out-of-range-error.diff" seems to fix exactly this.[1]
According to the patch description this would be a dupe of bug #592064.

Cheers,
Uli

[1]
http://patch-tracker.debian.org/patch/series/view/znc/0.092-3/01-out-of-range-error.diff

-- 
- Buck, when, exactly, did you lose your mind?
- Three months ago. I woke up one morning married to a pineapple.
  An ugly pineapple... But I loved her




Reply sent to Moritz Muehlenhoff <jmm@inutil.org>:
You have taken responsibility. (Sun, 10 Oct 2010 17:12:03 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 10 Oct 2010 17:12:03 GMT)


Message #20 received at 599708-done@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Uli Schlachter <psychon@znc.in>
Cc: 599708-done@bugs.debian.org
Subject: Re: Bug#599708: CVE-2010-2812 and CVE-2010-2934
Date: Sun, 10 Oct 2010 19:09:26 +0200
Version: 0.092-2

On Sun, Oct 10, 2010 at 01:47:21PM +0200, Uli Schlachter wrote:
> 
> On 10.10.2010 13:19, Moritz Muehlenhoff wrote:
> > Package: znc
> > Severity: grave
> > Tags: security
> > 
> > CVE-2010-2812 and CVE-2010-2934 are currently only
> > fixed in experimental, but not sid and Squeeze. The
> > Red Hat bug contains references to the patches:
> > https://bugzilla.redhat.com/show_bug.cgi?id=622600
> > 
> > Cheers,
> >         Moritz
> 
> From a quick look at the source package, the included patch
> "01-out-of-range-error.diff" seems to fix exactly this.[1]
> According to the patch description this would be a dupe of bug #592064.

Ok, marking as fixed in the Security Tracker.

Cheers,
        Moritz




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 08 Nov 2010 07:30:42 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:03:50 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.