Your message dated Sun, 14 Sep 2008 01:43:37 +0100
with message-id <[EMAIL PROTECTED]>
and subject line marking bug fixed in current sid version
has caused the Debian Bug report #461067,
regarding ngircd: CVE-2008-0285 remote denial of service via crafted part
message
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
461067: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461067
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ngircd
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ngircd.
CVE-2008-0285[0]:
| ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows
| remote attackers to cause a denial of service (crash) via crafted IRC
| PART message, which triggers an invalid dereference.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0285
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpr0UlcWhvRQ.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
version: 0.12.1-1
This seems to be fixed in the new upstream version (and since it was a
patch backported from upstream that would make sense), marking it as such.
--- End Message ---
