Your message dated Tue, 23 Feb 2010 19:57:12 +0000
with message-id <e1nk0sa-00047m...@ries.debian.org>
and subject line Bug#550389: fixed in hybserv 1.9.2-4+etch1
has caused the Debian Bug report #550389,
regarding hybserv: misparsing when sent commands with tabs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
550389: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550389
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: hybserv
Version: 1.9.2-4
Severity: important
Tags: patch
Hi,
sending 'PRIVMSG memoserv :help \t' crashes hybserv.
GiveHelp is called with command="\t", so SplitBuf(command, &cav) at
helpserv.c:365 returns 0, and the next line calls strlcpy() with src ==
NULL.
I fixed this by replacing "while (*buf == ' ')" with "while
(IsSpace(*buf))" in mystring.c:145. This way the first parsing in
ms_process() returns 1, and m_help() calls GiveHelp with command ==
NULL, avoiding the crash.
All of mystring.c, memoserv.c and helpserv.c seem to be unchanged
between 1.9.2 and 1.9.4 so I'm pretty sure it's not fixed in any
upstream release.
Cheers,
Julien
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
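The parsing mismatch described in the report above, as an added C example that is not part of the original message and is not hybserv's code. `split_args` and `help_topic_tokens` are hypothetical stand-ins for the two parsing passes, `isspace()` stands in for `IsSpace`, and the tokenizer is a simplified model built to reproduce the token counts the report gives.

```c
/* Added example: a simplified stand-in, not hybserv's SplitBuf()/GiveHelp(). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 8

/* Split buf in place into space-separated tokens. The gap after a token is
 * skipped with (*buf == ' ') when fixed == 0, the test the report replaces,
 * and with isspace() when fixed != 0, standing in for IsSpace(). Skipping
 * leading whitespace with isspace() in both modes is an assumption chosen
 * to reproduce the token counts the report gives. */
static int split_args(char *buf, char **argv, int fixed)
{
    int argc = 0;

    while (isspace((unsigned char)*buf))
        buf++;
    while (*buf && argc < MAX_ARGS) {
        argv[argc++] = buf;
        buf += strcspn(buf, " ");          /* token ends at the next space */
        if (*buf)
            *buf++ = '\0';
        while (fixed ? isspace((unsigned char)*buf) : *buf == ' ')
            buf++;
    }
    return argc;
}

/* Two passes, as in the report: split the message, then re-split the help
 * topic. Returns -1 if no topic was passed (the command == NULL path), else
 * the topic's token count; 0 is the state in which the report's caller went
 * on to copy from a first token that does not exist. */
static int help_topic_tokens(const char *msg, int fixed)
{
    char line[128];
    char *av[MAX_ARGS], *cav[MAX_ARGS];

    snprintf(line, sizeof line, "%s", msg);
    if (split_args(line, av, fixed) < 2)
        return -1;
    return split_args(av[1], cav, fixed);
}

int main(void)
{
    const char *msg = "help \t";           /* constructed input, from the report */
    printf("old: %d  patched: %d\n",
           help_topic_tokens(msg, 0), help_topic_tokens(msg, 1));
    return 0;
}
```

Checking the second split's return value before copying its first token would also prevent the NULL read, however the tokenizer treats tabs.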
--- Begin Message ---
Source: hybserv
Source-Version: 1.9.2-4+etch1
We believe that the bug you reported is fixed in the latest version of
hybserv, which is due to be installed in the Debian FTP archive:
hybserv_1.9.2-4+etch1.diff.gz
to main/h/hybserv/hybserv_1.9.2-4+etch1.diff.gz
hybserv_1.9.2-4+etch1.dsc
to main/h/hybserv/hybserv_1.9.2-4+etch1.dsc
hybserv_1.9.2-4+etch1_i386.deb
to main/h/hybserv/hybserv_1.9.2-4+etch1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 550...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated hybserv package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 29 Jan 2010 13:44:29 +0000
Source: hybserv
Binary: hybserv
Architecture: source i386
Version: 1.9.2-4+etch1
Distribution: oldstable-security
Urgency: high
Maintainer: Aurélien GÉRÔME <a...@roxor.cx>
Changed-By: Steffen Joeris <wh...@debian.org>
Description:
hybserv - IRC services for IRCD-Hybrid
Closes: 550389
Changes:
hybserv (1.9.2-4+etch1) oldstable-security; urgency=high
.
* Non-maintainer upload by the security team
* Fix DoS via commands with tabs (Closes: #550389)
Fixes: CVE-2010-0303
* Add db_stop to hybserv.postinst to avoid that the postinst script
hangs due to open debconf file descriptors
Thanks to Julien Cristau
Files:
58fad4dbd63b3a05377688d714ba82b2 606 net extra hybserv_1.9.2-4+etch1.dsc
9e34b664e63f7f6dce75719e5235a3a7 12958 net extra hybserv_1.9.2-4+etch1.diff.gz
220d062a2c67911191e9fa2727e1ab6b 212992 net extra hybserv_1.9.2-4+etch1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktjGbgACgkQ62zWxYk/rQcyOgCcD8pMhtCmOneCV/+ZiQeZQYLy
T+EAn027ZbQiAI31C29js/h9Es75ITPp
=7Vq5
-----END PGP SIGNATURE-----
--- End Message ---