Package: libpoe-component-irc-perl
Severity: important
Tags: patch

IRC bots which do not take care of removing carriage returns and line feeds from parameters they send to the IRC component are vulnerable to this security hole. For example, passing an argument of "foo bar\rQUIT" to the 'privmsg' handler will cause the client to disconnect from the server. All versions of POE::Component::IRC are affected.

This has been patched upstream (relevant commits: http://github.com/bingos/poe-component-irc/compare/d2ead04...675f55cd) and included in the latest release (version 6.32).

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (700, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32.12-x86_64-linode12 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
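
The filtering described in the report, as an added example for bot authors on releases before 6.32; it is not code from this report or from POE::Component::IRC. The helper names, the channel `#chan`, and the model of a server that splits its input on CR or LF are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not the component's code): the raw line a client
# would write to the socket for a PRIVMSG, with no filtering applied.
sub raw_privmsg {
    my ($target, $text) = @_;
    return "PRIVMSG $target :$text\r\n";
}

# Hypothetical helper: keep only the text before the first CR, LF or NUL,
# so nothing after it can reach the server as a separate command.
# Truncating (rather than deleting the characters) is a choice made here.
sub clean_param {
    my ($param) = @_;
    return '' unless defined $param;
    $param =~ s/[\r\n\0].*//s;
    return $param;
}

# Assumed server behaviour: the byte stream is split into messages on
# CR and/or LF, which is why the bare "\r" in the report ends a message.
sub server_messages {
    my ($stream) = @_;
    return grep { length } split /[\r\n]+/, $stream;
}

# Constructed input: the argument quoted in the report.
my $untrusted = "foo bar\rQUIT";

my @before = server_messages(raw_privmsg('#chan', $untrusted));
my @after  = server_messages(
    raw_privmsg(clean_param('#chan'), clean_param($untrusted))
);

print scalar(@before), " message(s) without filtering:\n";
print "  $_\n" for @before;
print scalar(@after), " message(s) with filtering:\n";
print "  $_\n" for @after;

# Self-check: exactly one message must remain, carrying only the text.
die "filtering failed\n"
    unless @after == 1 && $after[0] eq 'PRIVMSG #chan :foo bar';
```

In a bot, every value derived from user input (target as well as message text) would pass through `clean_param` before being handed to the 'privmsg' handler.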