tags 445883 patch thanks Hi
Attached you will find the NMU patch for the bug, which I just uploaded to unstable. Cheers Steffen
diff -u dircproxy-1.0.5/src/irc_server.c dircproxy-1.0.5/src/irc_server.c
--- dircproxy-1.0.5/src/irc_server.c
+++ dircproxy-1.0.5/src/irc_server.c
@@ -1078,7 +1078,7 @@
if (!strcmp(cmsg.cmd, "ACTION")) {
if (p->conn_class->log_events & IRC_LOG_ACTION)
- irclog_ctcp(p, msg.params[0], msg.src.orig, "%s", cmsg.orig);
+ irclog_ctcp(p, (msg.params != NULL ) ? msg.params[0]: "none", msg.src.orig, "%s", cmsg.orig);
} else if (!strcmp(cmsg.cmd, "DCC")
&& p->conn_class->dcc_proxy_incoming) {
diff -u dircproxy-1.0.5/debian/changelog dircproxy-1.0.5/debian/changelog
--- dircproxy-1.0.5/debian/changelog
+++ dircproxy-1.0.5/debian/changelog
@@ -1,3 +1,12 @@
+dircproxy (1.0.5-5.1) unstable; urgency=high
+
+ * Non-maintainer upload by the testing-security team
+ * Backport upstream patch to fix a NULL pointer reference, which
+ can lead to a DoS (Closes: #445883)
+ Fixes: CVE-2007-5226
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Tue, 09 Oct 2007 07:36:49 +0000
+
dircproxy (1.0.5-5) unstable; urgency=low
* Dropped stale dircproxy.net references from README. Thanks, Steen
signature.asc
Description: This is a digitally signed message part.
