Forgot the attachment.
Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u ngircd-0.10.3/debian/changelog ngircd-0.10.3/debian/changelog
--- ngircd-0.10.3/debian/changelog
+++ ngircd-0.10.3/debian/changelog
@@ -1,3 +1,13 @@
+ngircd (0.10.3-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by security team.
+  * This update addresses the following security issue:
+    - A crafted PART message could lead to referencing invalid
+      memory and thus causing a denial of service situation
+      (CVE-2008-0285; Closes: #461067).
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Wed, 16 Jan 2008 13:15:06 +0100
+
 ngircd (0.10.3-1) unstable; urgency=low
 
   * New maintainer E-Mail address.
diff -u ngircd-0.10.3/debian/patches/00list ngircd-0.10.3/debian/patches/00list
--- ngircd-0.10.3/debian/patches/00list
+++ ngircd-0.10.3/debian/patches/00list
@@ -1,0 +2 @@
+CVE-2008-0285
only in patch2:
unchanged:
--- ngircd-0.10.3.orig/debian/patches/CVE-2008-0285.dpatch
+++ ngircd-0.10.3/debian/patches/CVE-2008-0285.dpatch
@@ -0,0 +1,39 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2008-0285.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad ngircd-0.10.3~/src/ngircd/irc-channel.c ngircd-0.10.3/src/ngircd/irc-channel.c
+--- ngircd-0.10.3~/src/ngircd/irc-channel.c	2007-07-31 20:57:06.000000000 +0200
++++ ngircd-0.10.3/src/ngircd/irc-channel.c	2008-01-16 13:14:46.000000000 +0100
+@@ -270,7 +270,8 @@
+ 	assert( Req != NULL );
+ 
+ 	/* Falsche Anzahl Parameter? */
+-	if(( Req->argc > 2 )) return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command );
++	if((Req->argc < 1) ||  (Req->argc > 2 ))
++		return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command );
+ 
+ 	/* Wer ist der Absender? */
+ 	if( Client_Type( Client ) == CLIENT_SERVER ) target = Client_Search( Req->prefix );
+@@ -278,15 +279,9 @@
+ 	if( ! target ) return IRC_WriteStrClient( Client, ERR_NOSUCHNICK_MSG, Client_ID( Client ), Req->prefix );
+ 
+ 	/* Channel-Namen durchgehen */
+-	chan = strtok( Req->argv[0], "," );
+-	while( chan )
+-	{
+-		if( ! Channel_Part( target, Client, chan, Req->argc > 1 ? Req->argv[1] : Client_ID( target )))
+-		{
+-			/* naechsten Namen ermitteln */
+-			chan = strtok( NULL, "," );
+-			continue;
+-		}
++	chan = strtok(Req->argv[0], ",");
++	while (chan) {
++		Channel_Part(target, Client, chan, Req->argc > 1 ? Req->argv[1] : Client_ID(target));
+ 
+ 		/* naechsten Namen ermitteln */
+ 		chan = strtok( NULL, "," );
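Review bot: The dpatch header still reads `## DP: No description.`, so the one file that carries the CVE-2008-0285 fix does not say what it guards against. Something like `## DP: Reject PART without parameters before argv[0] is tokenised (CVE-2008-0285).` would let a later maintainer see why the `Req->argc < 1` test must survive when the patch is refreshed. In the rewritten loop the result of `Channel_Part()` is now discarded without comment; both removed branches advanced to the next name, so behaviour appears unchanged, but `/* result ignored on purpose: continue with the next channel either way */` would make that explicit. The PART handler starts and ends outside the nested hunks, so whether any other path reads `Req->argv[0]` ahead of this check cannot be judged from here.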
only in patch2:
unchanged:

Attachment: pgpwVkTw8e9ii.pgp
Description: PGP signature


