Hi, I can't reproduce this bug on my amd64 testing Debian, using XFCE and xchat 2.8.8-6.
With the "proof of concept" script referenced in the CVE, I get no crash. Only the following line on STDERR, repeated thousands of times:

*** XCHAT WARNING: Buffer overflow - shit server!

The part of the code that handles this security concern is:
http://xchat.svn.sourceforge.net/viewvc/xchat/src/common/server.c?revision=1502&view=markup#l410

It first fills a buffer with recv() from sys/socket, then reads it char by char until the destination is full (line 472).

Hope that helps
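The pattern described in the message above (a chunk from recv() copied byte by byte into a fixed line buffer, with bytes refused once it is full), as an added example that is not part of the original post and is not xchat's code. The names `line_reader`, `feed` and `run_sample`, the 16-byte buffer and the sample chunks are constructed for illustration; the chunks stand in for what recv() would return.

```c
#include <stdio.h>
#include <string.h>
#define LINE_MAX_LEN 16   /* small on purpose so the sample input overflows it */

struct line_reader {
    char linebuf[LINE_MAX_LEN];
    size_t pos;               /* next write index in linebuf */
    unsigned lines;           /* complete lines delivered */
    unsigned dropped;         /* bytes refused because linebuf was full */
    char last[LINE_MAX_LEN];  /* copy of the most recent complete line */
};

/* Consume one chunk as it would arrive from recv(); chunks may split lines. */
static void feed(struct line_reader *r, const char *chunk, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        char c = chunk[i];
        if (c == '\r')
            continue;
        if (c == '\n') {                      /* end of line: terminate and deliver */
            r->linebuf[r->pos] = '\0';
            memcpy(r->last, r->linebuf, r->pos + 1);
            r->lines++;
            r->pos = 0;
            continue;
        }
        if (r->pos >= sizeof r->linebuf - 1) {
            r->dropped++;                     /* full: refuse the byte, keep room for NUL */
            continue;
        }
        r->linebuf[r->pos++] = c;
    }
}

/* Constructed input: a short line split across chunks, then an over-long line. */
static struct line_reader run_sample(void)
{
    struct line_reader r = {0};
    const char *chunks[] = { "PING :a", "bc\r\n", "AAAAAAAAAAAAAAAAAAAAAAAA", "\r\nOK\n" };
    for (size_t i = 0; i < sizeof chunks / sizeof chunks[0]; i++)
        feed(&r, chunks[i], strlen(chunks[i]));
    return r;
}

int main(void)
{
    struct line_reader r = run_sample();
    printf("lines=%u dropped=%u last=%s\n", r.lines, r.dropped, r.last);
    return 0;
}
```

Because the bounds check runs once per incoming byte, a single over-long line produces one refusal per excess byte, which is consistent with a warning repeating many times while the write index never moves past the end of the buffer.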