Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AANLkTinOn79QjN4KXpyj+efyVtQo=kiZ2DmXa+nEtWEd@mail.gmail.com>
Date: Mon, 9 Aug 2010 17:38:59 -0600
From: Kurt Seifried <kurt@...fried.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request - ZNC

Sorry forgot to mention it's version 0.092 (currently the latest) is affected.

On Mon, Aug 9, 2010 at 5:36 PM, Kurt Seifried <kurt@...fried.org> wrote:
> Vincent Danen      2010-08-09 17:44:43 EDT
>
> An out-of-range flaw was found in znc where if it received a "PING" from a
> client without an argument, std::string would throw a std::out_of_range
> exception which killed znc.  This is fixed in subversion [1].
>
> Some unsafe substr() calls were fixed as well.  These are of lesser impact
> because a valid login is required in order to cause a std::out_of_range
> exception.  This is also fixed in subversion [2].
>
> [1] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
> [2] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095
>
> http://en.znc.in/wiki/ZNC
> https://bugzilla.redhat.com/show_bug.cgi?id=622601
> https://bugzilla.redhat.com/show_bug.cgi?id=622600
>
>


-- 
Kurt Seifried
kurt@...fried.org
tel: 1-703-879-3176

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.