Package: eggdrop
Severity: grave
Tags: security
Justification: user security hole

Hi,

turns out my patch has a bug in it which opens this up for a buffer overflow again in case strlen(ctcpbuf) returns 0:
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/68341

Too bad no one noticed that before. I am going to upload a 0-day NMU now to fix this.

debdiff available on:
http://people.debian.org/~nion/nmu-diff/eggdrop-1.6.19-1.1_1.6.19-1.2.patch
(includes the wrong bug number to close, as I tried to reopen it first but it failed because it was already archived).

Cheers
Nico
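
Added example, not part of the original report and not eggdrop's code: the report does not show the patched lines, so this assumes the common pattern of indexing a buffer at strlen(buf) - 1 and shows why a length of 0 defeats it, next to a bounded copy that checks for it. The helper names and the sample inputs are hypothetical; \001 is the CTCP delimiter byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Index that an unchecked "buf[strlen(buf) - 1]" would use. size_t is
 * unsigned, so a length of 0 wraps to SIZE_MAX instead of giving -1. */
size_t last_index_unchecked(size_t len)
{
    return len - 1;
}

/* Hypothetical helper: copy src into dst (capacity dstsize), always
 * NUL-terminate, then drop the final byte only if it equals delim.
 * Returns the resulting length, or (size_t)-1 on bad arguments. */
size_t copy_and_trim(char *dst, size_t dstsize, const char *src, char delim)
{
    size_t len;

    if (dst == NULL || src == NULL || dstsize == 0)
        return (size_t)-1;

    /* Bounded copy: at most dstsize - 1 bytes plus the terminator. */
    len = strlen(src);
    if (len >= dstsize)
        len = dstsize - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';

    /* The check the zero-length case needs: index len - 1 only if len > 0. */
    if (len > 0 && dst[len - 1] == delim)
        dst[--len] = '\0';

    return len;
}

int main(void)
{
    char buf[8]; /* constructed sample buffer, deliberately small */

    /* Constructed inputs: empty, delimiter-terminated, oversize. */
    return (copy_and_trim(buf, sizeof buf, "", '\001') == 0 &&
            copy_and_trim(buf, sizeof buf, "PING\001", '\001') == 4 &&
            copy_and_trim(buf, sizeof buf, "AAAAAAAAAAAA", '\001') == 7) ? 0 : 1;
}
```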