charybdis: CVE-2012-6084: remote denial of service

Related Vulnerabilities: CVE-2012-6084  

Debian Bug report logs - #697092

Reported by: Henri Salo <henri@nerv.fi>

Date: Tue, 1 Jan 2013 10:33:01 UTC

Severity: grave

Tags: patch, security

Found in version charybdis/3.3.0-7

Fixed in version charybdis/3.3.0-7.1

Done: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Antoine Beaupré <anarcat@debian.org>:
Bug#697092; Package charybdis. (Tue, 01 Jan 2013 10:33:04 GMT).


Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Antoine Beaupré <anarcat@debian.org>. (Tue, 01 Jan 2013 10:33:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Henri Salo <henri@nerv.fi>
To: submit@bugs.debian.org
Subject: charybdis: CVE-2012-6084: remote denial of service
Date: Tue, 1 Jan 2013 12:29:27 +0200
Package: charybdis
Version: 3.3.0-7
Severity: important
Tags: security

Advisory: http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt
CVE-requests http://www.openwall.com/lists/oss-security/2013/01/01/1 http://www.openwall.com/lists/oss-security/2013/01/01/2
Patch: https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch

- Henri Salo



Severity set to 'grave' from 'important' Request was from Moritz Muehlenhoff <jmm@debian.org> to control@bugs.debian.org. (Tue, 01 Jan 2013 14:36:03 GMT).


Added tag(s) patch. Request was from John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> to control@bugs.debian.org. (Tue, 01 Jan 2013 14:48:03 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, henri@nerv.fi, Antoine Beaupré <anarcat@debian.org>:
Bug#697092; Package charybdis. (Wed, 02 Jan 2013 20:03:05 GMT).


Acknowledgement sent to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
Extra info received and forwarded to list. Copy sent to henri@nerv.fi, Antoine Beaupré <anarcat@debian.org>. (Wed, 02 Jan 2013 20:03:06 GMT).


Message #14 received at 697092@bugs.debian.org:

From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
To: Debian Bug Tracking System <697092@bugs.debian.org>
Subject: Re: charybdis: CVE-2012-6084: remote denial of service
Date: Wed, 02 Jan 2013 21:01:39 +0100
Package: charybdis
Followup-For: Bug #697092

Hi,

attaching proposed debdiff containing the upstream patch as well as
an updated debian/changelog for an NMU. Would be willing to do
the NMU if no one else volunteers.

Cheers,

Adrian
[charybdis-3.3.0-7.1.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Antoine Beaupré <anarcat@debian.org>:
Bug#697092; Package charybdis. (Thu, 03 Jan 2013 04:21:02 GMT).


Acknowledgement sent to Antoine Beaupré <anarcat@anarcat.ath.cx>:
Extra info received and forwarded to list. Copy sent to Antoine Beaupré <anarcat@debian.org>. (Thu, 03 Jan 2013 04:21:03 GMT).


Message #19 received at 697092@bugs.debian.org:

From: Antoine Beaupré <anarcat@anarcat.ath.cx>
To: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>, 697092@bugs.debian.org
Subject: Re: Bug#697092: charybdis: CVE-2012-6084: remote denial of service
Date: Wed, 02 Jan 2013 23:18:06 -0500
On 2013-01-02, John Paul Adrian Glaubitz wrote:
> Hi,
>
> attaching proposed debdiff containing the upstream patch as well as
> an updated debian/changelog for an NMU. Would be willing to do
> the NMU if no one else volunteers.

Please do NMU, but the following chunk should be removed from the patch:

> diff -Nru charybdis-3.3.0/debian/patches/series~ charybdis-3.3.0-CVE-2012-6084/debian/patches/series~
> --- charybdis-3.3.0/debian/patches/series~	1970-01-01 01:00:00.000000000 +0100
> +++ charybdis-3.3.0-CVE-2012-6084/debian/patches/series~	2011-11-30 00:17:54.000000000 +0100
> @@ -0,0 +1,7 @@
> +fix-paths
> +ircd.conf
> +no_hardcoded_bandb_dpath
> +non-static-sqlite
> +no-rpath
> +cleanup-bandb-properly
> +default_nicklen
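
Review bot: `debian/patches/series~` in this hunk is an editor backup file (trailing `~`, created from nothing with a 2011-11-30 timestamp) and should be dropped from the debdiff before upload. Its seven entries contain no patch named for CVE-2012-6084, so it does not reflect the series this NMU is meant to ship; it is worth confirming that the real `debian/patches/series` lists the security patch, and regenerating the debdiff from a clean tree so that no `*~` files are picked up.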

Thanks!

-- 
Writers who have to count on their fingers to know whether they have
the right number of feet are not poets, they are typists.
                        - Léo Ferré, "Préface"

Reply sent to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
You have taken responsibility. (Fri, 04 Jan 2013 16:21:03 GMT).


Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Fri, 04 Jan 2013 16:21:03 GMT).


Message #24 received at 697092-close@bugs.debian.org:

From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
To: 697092-close@bugs.debian.org
Subject: Bug#697092: fixed in charybdis 3.3.0-7.1
Date: Fri, 04 Jan 2013 16:17:32 +0000
Source: charybdis
Source-Version: 3.3.0-7.1

We believe that the bug you reported is fixed in the latest version of
charybdis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697092@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> (supplier of updated charybdis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 02 Jan 2013 20:57:36 +0100
Source: charybdis
Binary: charybdis
Architecture: source amd64
Version: 3.3.0-7.1
Distribution: unstable
Urgency: low
Maintainer: Antoine Beaupré <anarcat@debian.org>
Changed-By: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Description: 
 charybdis  - fast, scalable irc server
Closes: 697092
Changes: 
 charybdis (3.3.0-7.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix remote denial of service vulnerability
     CVE-2012-6084 (Closes: #697092).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 12 Feb 2013 07:27:21 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:49:15 2019; Machine Name: buxtehude
