On Tue, Oct 09, 2007 at 10:04:04AM -0400, Alex Pennace wrote:
> On Mon, Oct 08, 2007 at 11:55:20PM +0200, Nico Golde wrote:
> > Hi,
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for dircproxy.
> >
> > CVE-2007-5226[0]:
> > | irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to
> > | cause a denial of service (segmentation fault) via an ACTION command
> > | without a parameter, which triggers a NULL pointer dereference, as
> > | demonstrated using a blank /me message from irssi.
> >
> > If you fix this vulnerability please also include the CVE id
> > in your changelog entry.
> >
> > The null pointer dereference itself is not that big kind of
> > a problem here but since this also means to lose the data
> > you want to read while you are away I mark this as grave.
>
> Thanks Nico and Steffen.
>
> Security team: this bug is also present in stable and oldstable.

I don't think this warrants a DSA, feel free to fix it through a stable
point release.

Cheers,
Moritz
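
Added example, not part of the thread and not dircproxy's code: a minimal CTCP splitter in C showing how an ACTION with no parameter (the blank /me from the CVE text) yields a NULL parameter pointer, and a consumer that checks it before use. The names `ctcp_msg`, `ctcp_parse` and `format_action` are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical type for this example: one parsed CTCP message. */
struct ctcp_msg {
    char cmd[32];       /* CTCP command, e.g. "ACTION" */
    const char *param;  /* points into the input, NULL when no parameter was sent */
    size_t param_len;
};

/* Split "\001CMD[ param]\001". Returns 0 on success, -1 if not CTCP. */
int ctcp_parse(const char *text, struct ctcp_msg *out)
{
    if (!text || !out || text[0] != '\001') return -1;
    const char *body = text + 1;
    const char *end = strchr(body, '\001');
    if (!end) end = body + strlen(body);      /* tolerate a missing terminator */
    const char *sp = memchr(body, ' ', (size_t)(end - body));
    size_t cmd_len = (size_t)((sp ? sp : end) - body);
    if (cmd_len == 0 || cmd_len >= sizeof out->cmd) return -1;
    memcpy(out->cmd, body, cmd_len);
    out->cmd[cmd_len] = '\0';
    /* A blank /me yields "\001ACTION\001" or "\001ACTION \001": no parameter. */
    out->param = (sp && sp + 1 < end) ? sp + 1 : NULL;
    out->param_len = out->param ? (size_t)(end - out->param) : 0;
    return 0;
}

/* Consumer that checks param before use; using param without this check
 * is a NULL pointer dereference of the kind the CVE text describes. */
int format_action(const char *nick, const struct ctcp_msg *m, char *buf, size_t buflen)
{
    if (!nick || !m || !buf || strcmp(m->cmd, "ACTION") != 0) return -1;
    const char *p = m->param ? m->param : "";  /* empty action, not a NULL deref */
    int n = snprintf(buf, buflen, "* %s %.*s", nick, (int)m->param_len, p);
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

int main(void)
{
    struct ctcp_msg m;
    char line[64];
    /* Constructed sample input: a blank /me as it arrives in a PRIVMSG body. */
    if (ctcp_parse("\001ACTION\001", &m) == 0 &&
        format_action("alex", &m, line, sizeof line) >= 0)
        printf("[%s]\n", line);
    return 0;
}
```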