Your message dated Thu, 08 Sep 2016 19:47:08 +0000
with message-id <e1bi5hw-0002i1...@franck.debian.org>
and subject line Bug#836714: fixed in charybdis 3.4.2-5+deb8u2
has caused the Debian Bug report #836714,
regarding charybdis: CVE-2016-7143: certificate fingerprint spoofing through
crafted SASL messages
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
836714: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836714
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: inspircd
Version: 2.0.5-1+deb7u2
Severity: critical
Tags: security
inspircd published 2.0.23 that fixes an issue with SASL
authentication. The details are here:
http://www.inspircd.org/2016/09/03/v2023-released.html
All versions are affected.
Upstream hasn't requested a CVE yet. I will contact oss-security to
make sure that happens.
It seems to also affect Charybdis, which fixed the issue in the
upcoming 3.5.3 release:
https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
I will take care of the 3.5.3 upload or backporting those patches to
3.5.2 and 3.4 (if relevant) as soon as I can.
-- System Information:
Debian Release: 8.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable'), (1, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: charybdis
Source-Version: 3.4.2-5+deb8u2
We believe that the bug you reported is fixed in the latest version of
charybdis, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 836...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antoine Beaupré <anar...@debian.org> (supplier of updated charybdis package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 05 Sep 2016 19:41:12 -0400
Source: charybdis
Binary: charybdis charybdis-dbg
Architecture: source amd64
Version: 3.4.2-5+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Antoine Beaupré <anar...@debian.org>
Changed-By: Antoine Beaupré <anar...@debian.org>
Description:
charybdis - fast, scalable irc server
charybdis-dbg - fast, scalable irc server
Closes: 836714
Changes:
charybdis (3.4.2-5+deb8u2) jessie-security; urgency=high
.
* add fix for CVE-2016-7143, backported from upstream (Closes: #836714)
Checksums-Sha1:
e91fc06bda53191cb81048d6d90fa9e6734bfb34 2087 charybdis_3.4.2-5+deb8u2.dsc
bb7a87f876a1c9870acf4a9676ad37e2b0c6ce6d 1941172 charybdis_3.4.2.orig.tar.gz
c0e65d5f43b3674cd6dde3efafc4874c6904614a 23356
charybdis_3.4.2-5+deb8u2.debian.tar.xz
ce724f2d9bd08a81275f1f85eb51fc46d5488540 578934
charybdis_3.4.2-5+deb8u2_amd64.deb
836f11801908ad411849778566cdbded56776dda 1518646
charybdis-dbg_3.4.2-5+deb8u2_amd64.deb
Checksums-Sha256:
d2fe499fea40c1ce8e3ef9e38bf69a66c33a47697ccda761867034f211dc0965 2087
charybdis_3.4.2-5+deb8u2.dsc
cbc20aca5022758b9039a34237a1d7a0f99b48ec5c3ef8e7a04d49f3bc264789 1941172
charybdis_3.4.2.orig.tar.gz
93c57b942db77a4612eaef1e3d826918228ae39ecaed8856f36d13a975d248f1 23356
charybdis_3.4.2-5+deb8u2.debian.tar.xz
c768e732621584ceca861de49470286299f83a039f3b5d80704d2e937c91a9e6 578934
charybdis_3.4.2-5+deb8u2_amd64.deb
9d10a0718ab0ca3e446a8d572a37877e94e7575a801b3f9f7151c64839b0bf24 1518646
charybdis-dbg_3.4.2-5+deb8u2_amd64.deb
Files:
7f9e129da6b6ee06858af78741847c29 2087 net optional charybdis_3.4.2-5+deb8u2.dsc
6fd12f8c9ac99b8f6215488a47b37319 1941172 net optional
charybdis_3.4.2.orig.tar.gz
f16074c8dc6e7814e34ab5f93cee39d9 23356 net optional
charybdis_3.4.2-5+deb8u2.debian.tar.xz
7c90d2d9751885e982c6821297bd996d 578934 net optional
charybdis_3.4.2-5+deb8u2_amd64.deb
2c6df8c459ef467ed5e4e4d8e95459eb 1518646 debug extra
charybdis-dbg_3.4.2-5+deb8u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJXzsiaAAoJEHkhUlJ7dZIerngQALASA6H9/WGlgyJyymNg6G2V
Cle/AyPx7D9ng8FQE51my293fDyOYLgraSYqZQj7CNimUAcT3pRj4+oHRxr4+yYH
mexIGSdLSFWnVHm0lktcZyHFkS4zKm/a1C0tWvblk9g7TnGAMdq2rV3nWCXNemy3
5ukEjLVBbNFWDIAkJMeJQ8zXe7dGbkuwZchzX+RZ+LKOnyxWhrmgW/YFcXvvu1ZF
xcYG8wSuItfRCwsvsoEfOkphA6n9hASfNZzNgIOgzOv2GXVKuKM2ZEFe9orxAVL5
H5Q0ylW/W97VJ1f/0J2My7ukKCoj8YcAwkBKC/d+6lRe5S1MkgN/bSe99aJ32MlH
BAGEKjkcmuAoqt/UujO06vKPc0a0vh/2jBuA0BOXt9Rf5WJ9j5hj+/R4ukQ7n6Sl
izwLiieXyQQ/sfg8e5G1cQLwmgabq9/VZG6q+jHdrqg+MOZyNaPYw63sS9yJG+qL
fBtJ15vMMRTJ72wT+ZBe/9eoTWBLlkIP0p8dpQihpCQaioVGcEhS0p/sqfkI7a5K
oESWCazvR4k9CZ3H2rT0EItwzKV86BzWSzub8tHI/qM5OXouQkubZDeu9K/wI5QT
Ct7YY3Zsx90jM6FNftk5wUYgoM5QUt4EUhB9YnEOPb02ujiGAX8oDbgjd+nhBW8D
earyTjDV2atZ0SNcvt9X
=jJTB
-----END PGP SIGNATURE-----
--- End Message ---
