eggdrop: incomplete patch for CVE-2007-2807

Related Vulnerabilities: CVE-2007-2807   CVE-2009-1789  

Debian Bug report logs - #528778

Package: eggdrop; Maintainer for eggdrop is Cédric Barboiron <ced@winkie.fr>; Source for eggdrop is src:eggdrop (PTS, buildd, popcon).

Reported by: Nico Golde <nion@debian.org>

Date: Fri, 15 May 2009 12:21:04 UTC

Severity: grave

Tags: security

Fixed in versions 1.6.19-1.2, eggdrop/1.6.18-1etch4, eggdrop/1.6.19-1.1+lenny1

Done: Sebastien Delafond <seb@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, gpastore@debian.org (Guilherme de S. Pastore):
Bug#528778; Package eggdrop. (Fri, 15 May 2009 12:21:06 GMT).


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, gpastore@debian.org (Guilherme de S. Pastore). (Fri, 15 May 2009 12:21:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: eggdrop: incomplete patch for CVE-2007-2807
Date: Fri, 15 May 2009 14:18:26 +0200
Package: eggdrop
Severity: grave
Tags: security
Justification: user security hole

Hi,
turns out my patch has a bug in it which opens this up for a
buffer overflow again in case strlen(ctcpbuf) returns 0:
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/68341


Too bad no one noticed that before.
I am going to upload a 0-day NMU now to fix this.

debdiff available on:
http://people.debian.org/~nion/nmu-diff/eggdrop-1.6.19-1.1_1.6.19-1.2.patch

(includes the wrong bug number to close as I tried to reopen it first but it failed because it was already archived).

Cheers
Nico
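
The failure mode named in this report, a length derived from `strlen()` with no handling of the zero case, shown as an added example; it is not eggdrop's code or the patch from this bug. The function names and `DST_SIZE` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DST_SIZE 16  /* hypothetical destination size, not eggdrop's */

/* Length of s without its last byte, computed with no zero check.
 * strlen() returns size_t (unsigned), so for "" this is 0 - 1 == SIZE_MAX. */
size_t body_len_unchecked(const char *s)
{
    return strlen(s) - 1;
}

/* A signed bounds check does not help: for "" the length is -1, which is
 * "smaller than the buffer" and turns into SIZE_MAX once it is passed to
 * memcpy(). Returns 1 if the flawed check would let the copy proceed. */
int flawed_check_accepts(const char *s)
{
    int n = (int)strlen(s) - 1;
    return n < DST_SIZE;
}

/* Hardened form: handle the empty string first, then clamp to the
 * destination. Returns bytes copied, or -1 if s is empty or dst is unusable. */
int copy_body_checked(char *dst, size_t dst_size, const char *s)
{
    size_t len = strlen(s);

    if (dst == NULL || dst_size == 0)
        return -1;
    if (len == 0) {
        dst[0] = '\0';
        return -1;
    }
    size_t n = len - 1;            /* safe: len >= 1 here */
    if (n > dst_size - 1)
        n = dst_size - 1;          /* leave room for the terminator */
    memcpy(dst, s, n);
    dst[n] = '\0';
    return (int)n;
}
```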




Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Fri, 15 May 2009 12:30:04 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 15 May 2009 12:30:04 GMT).


Message #10 received at 528778-done@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 528778-done@bugs.debian.org
Subject: closing
Date: Fri, 15 May 2009 14:26:08 +0200
Version: 1.6.19-1.2


-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Information forwarded to debian-bugs-dist@lists.debian.org, gpastore@debian.org (Guilherme de S. Pastore):
Bug#528778; Package eggdrop. (Fri, 15 May 2009 16:54:02 GMT).


Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to gpastore@debian.org (Guilherme de S. Pastore). (Fri, 15 May 2009 16:54:02 GMT).


Message #15 received at 528778@bugs.debian.org:

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: Nico Golde <nion@debian.org>, 528778@bugs.debian.org
Subject: Re: [Secure-testing-team] Bug#528778: eggdrop: incomplete patch for CVE-2007-2807
Date: Fri, 15 May 2009 12:53:24 -0400
On Fri, 15 May 2009 14:18:26 +0200, Nico Golde wrote:
> Package: eggdrop
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi,
> turns out my patch has a bug in it which opens this up for a
> buffer overflow again in case strlen(ctcpbuf) returns 0:
> http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/68341
> 
> 
> Too bad no one noticed that before.
> I am going to upload a 0-day NMU now to fix this.
> 
> debdiff available on:
> http://people.debian.org/~nion/nmu-diff/eggdrop-1.6.19-1.1_1.6.19-1.2.patch
> 
> (includes the wrong bug number to close as I tried to reopen it first but it failed because it was already archived).
> 
> Cheers
> Nico

does this mean that DSA-1448 needs to be reissued?  and is that in the
works?  should the etch fixed version get removed from the DSA list to
reindicate that etch is vulnerable?

mike




Information forwarded to debian-bugs-dist@lists.debian.org, gpastore@debian.org (Guilherme de S. Pastore):
Bug#528778; Package eggdrop. (Fri, 15 May 2009 19:00:07 GMT).


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to gpastore@debian.org (Guilherme de S. Pastore). (Fri, 15 May 2009 19:00:07 GMT).


Message #20 received at 528778@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Cc: 528778@bugs.debian.org, secure-testing-team@lists.alioth.debian.org
Subject: Re: [Secure-testing-team] Bug#528778: eggdrop: incomplete patch for CVE-2007-2807
Date: Fri, 15 May 2009 20:52:49 +0200
Hi,
* Michael S. Gilbert <michael.s.gilbert@gmail.com> [2009-05-15 19:45]:
> On Fri, 15 May 2009 14:18:26 +0200, Nico Golde wrote:
[...] 
> > turns out my patch has a bug in it which opens this up for a
> > buffer overflow again in case strlen(ctcpbuf) returns 0:
> > http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/68341
> > 
> > 
> > Too bad no one noticed that before.
> > I am going to upload a 0-day NMU now to fix this.
> > 
> > debdiff available on:
> > http://people.debian.org/~nion/nmu-diff/eggdrop-1.6.19-1.1_1.6.19-1.2.patch
> > 
> > (includes the wrong bug number to close as I tried to reopen it first but it failed because it was already archived).
> 
> does this mean that DSA-1448 needs to be reissued?

Yes

> and is that in the works?

No

> should the etch fixed version get removed from the DSA 
> list to reindicate that etch is vulnerable?

No there will be a -2 DSA if any that reflects the previous 
fix being incomplete.

Cheers
Nico
P.S. this belongs on the testing-security team mailing list 
and not to the BTS.

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Reply sent to Sebastien Delafond <seb@debian.org>:
You have taken responsibility. (Sat, 04 Jul 2009 14:24:03 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Sat, 04 Jul 2009 14:24:03 GMT).


Message #25 received at 528778-close@bugs.debian.org:

From: Sebastien Delafond <seb@debian.org>
To: 528778-close@bugs.debian.org
Subject: Bug#528778: fixed in eggdrop 1.6.18-1etch4
Date: Sat, 04 Jul 2009 13:54:32 +0000
Source: eggdrop
Source-Version: 1.6.18-1etch4

We believe that the bug you reported is fixed in the latest version of
eggdrop, which is due to be installed in the Debian FTP archive:

eggdrop-data_1.6.18-1etch4_all.deb
  to pool/main/e/eggdrop/eggdrop-data_1.6.18-1etch4_all.deb
eggdrop_1.6.18-1etch4.diff.gz
  to pool/main/e/eggdrop/eggdrop_1.6.18-1etch4.diff.gz
eggdrop_1.6.18-1etch4.dsc
  to pool/main/e/eggdrop/eggdrop_1.6.18-1etch4.dsc
eggdrop_1.6.18-1etch4_i386.deb
  to pool/main/e/eggdrop/eggdrop_1.6.18-1etch4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 528778@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <seb@debian.org> (supplier of updated eggdrop package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Mon, 22 Jun 2009 12:53:51 +0200
Source: eggdrop
Binary: eggdrop-data eggdrop
Architecture: source i386 all
Version: 1.6.18-1etch4
Distribution: oldstable-security
Urgency: high
Maintainer: Guilherme de S. Pastore <gpastore@debian.org>
Changed-By: Sebastien Delafond <seb@debian.org>
Description: 
 eggdrop    - Advanced IRC Robot
 eggdrop-data - Architecture independent files for eggdrop
Closes: 528778
Changes: 
 eggdrop (1.6.18-1etch4) oldstable-security; urgency=high
 .
   * Security: Fix buffer overflow in case strlen(ctcpbuf) returns zero
     (Closes: #528778).
     Fixes: CVE-2009-1789
 .
   * Security: actually apply patch from 1.6.18-1etch4, that somehow got
     messed up and was never applied to mod/server.mod/servrmsg.c.
     Fixes: CVE-2007-2807
Reply sent to Sebastien Delafond <seb@debian.org>:
You have taken responsibility. (Sat, 04 Jul 2009 14:24:05 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Sat, 04 Jul 2009 14:24:05 GMT).


Message #30 received at 528778-close@bugs.debian.org:

From: Sebastien Delafond <seb@debian.org>
To: 528778-close@bugs.debian.org
Subject: Bug#528778: fixed in eggdrop 1.6.19-1.1+lenny1
Date: Sat, 04 Jul 2009 13:54:28 +0000
Source: eggdrop
Source-Version: 1.6.19-1.1+lenny1

We believe that the bug you reported is fixed in the latest version of
eggdrop, which is due to be installed in the Debian FTP archive:

eggdrop-data_1.6.19-1.1+lenny1_all.deb
  to pool/main/e/eggdrop/eggdrop-data_1.6.19-1.1+lenny1_all.deb
eggdrop_1.6.19-1.1+lenny1.diff.gz
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.diff.gz
eggdrop_1.6.19-1.1+lenny1.dsc
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.dsc
eggdrop_1.6.19-1.1+lenny1_i386.deb
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 528778@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <seb@debian.org> (supplier of updated eggdrop package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Mon, 22 Jun 2009 12:54:48 +0200
Source: eggdrop
Binary: eggdrop eggdrop-data
Architecture: source all i386
Version: 1.6.19-1.1+lenny1
Distribution: stable-security
Urgency: medium
Maintainer: Guilherme de S. Pastore <gpastore@debian.org>
Changed-By: Sebastien Delafond <seb@debian.org>
Description: 
 eggdrop    - Advanced IRC Robot
 eggdrop-data - Architecture independent files for eggdrop
Closes: 528778
Changes: 
 eggdrop (1.6.19-1.1+lenny1) stable-security; urgency=medium
 .
   * Security: fix buffer overflow in case strlen(ctcpbuf) returns zero
     (Closes: #528778).
     Fixes: CVE-2007-2807
Reply sent to Sebastien Delafond <seb@debian.org>:
You have taken responsibility. (Fri, 04 Sep 2009 19:15:24 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 04 Sep 2009 19:15:24 GMT).


Message #35 received at 528778-close@bugs.debian.org:

From: Sebastien Delafond <seb@debian.org>
To: 528778-close@bugs.debian.org
Subject: Bug#528778: fixed in eggdrop 1.6.19-1.1+lenny1
Date: Fri, 04 Sep 2009 18:31:53 +0000
Source: eggdrop
Source-Version: 1.6.19-1.1+lenny1

We believe that the bug you reported is fixed in the latest version of
eggdrop, which is due to be installed in the Debian FTP archive:

eggdrop-data_1.6.19-1.1+lenny1_all.deb
  to pool/main/e/eggdrop/eggdrop-data_1.6.19-1.1+lenny1_all.deb
eggdrop_1.6.19-1.1+lenny1.diff.gz
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.diff.gz
eggdrop_1.6.19-1.1+lenny1.dsc
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.dsc
eggdrop_1.6.19-1.1+lenny1_i386.deb
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 528778@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <seb@debian.org> (supplier of updated eggdrop package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Mon, 22 Jun 2009 12:54:48 +0200
Source: eggdrop
Binary: eggdrop eggdrop-data
Architecture: source all i386
Version: 1.6.19-1.1+lenny1
Distribution: stable-security
Urgency: medium
Maintainer: Guilherme de S. Pastore <gpastore@debian.org>
Changed-By: Sebastien Delafond <seb@debian.org>
Description: 
 eggdrop    - Advanced IRC Robot
 eggdrop-data - Architecture independent files for eggdrop
Closes: 528778
Changes: 
 eggdrop (1.6.19-1.1+lenny1) stable-security; urgency=medium
 .
   * Security: fix buffer overflow in case strlen(ctcpbuf) returns zero
     (Closes: #528778).
     Fixes: CVE-2007-2807
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Oct 2009 07:45:47 GMT).