This bug was fixed in the package eggdrop - 1.6.18-1.1ubuntu1.1
---
eggdrop (1.6.18-1.1ubuntu1.1) hardy-security; urgency=low
* SECURITY UPDATE: Fix buffer overflows (LP: #377054)
- debian/patches/CVE-2007-2807.patch: Former patch was not fully applied.
This patch now fully ap
** Changed in: eggdrop (Ubuntu Hardy)
Status: Confirmed => Fix Committed
--
eggdrop/windrop remote crash vulnerability
https://bugs.launchpad.net/bugs/377054
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
ACK, though it took me a minute to figure that the patch removed
01_CVE-2007-2807_servmsg.patch to replace it with CVE-2007-2807.patch.
Brian, in the future please either update the existing patch or give
instructions in the bug that '-E' should be used when applying the
debdiff. These changes shou
** Patch added: "Hardy patch"
http://launchpadlibrarian.net/51185784/eggdrop_1.6.18-1.1ubuntu1.1.debdiff
--
eggdrop/windrop remote crash vulnerability
https://bugs.launchpad.net/bugs/377054
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubun
** Branch linked: lp:ubuntu/intrepid-security/eggdrop
** Branch linked: lp:ubuntu/jaunty-security/eggdrop
--
eggdrop/windrop remote crash vulnerability
https://bugs.launchpad.net/bugs/377054
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu
This bug was fixed in the package eggdrop - 1.6.19-1.1ubuntu1.9.04.1
---
eggdrop (1.6.19-1.1ubuntu1.9.04.1) jaunty-security; urgency=low
* SECURITY UPDATE: Incomplete patch for CVE-2007-2807, buffer can still
overflow in case of strlen(ctcpbuf) returning zero (LP: #377054)
-
This bug was fixed in the package eggdrop - 1.6.19-1.1ubuntu1.8.10.1
---
eggdrop (1.6.19-1.1ubuntu1.8.10.1) intrepid-security; urgency=low
* SECURITY UPDATE: Incomplete patch for CVE-2007-2807, buffer can still
overflow in case of strlen(ctcpbuf) returning zero (LP: #377054)
> - the versioning is almost perfect, but needs to be higher than the
existing versions. Instead of 1.6.19-1.1ubuntu0.9.04.1, you'd want
1.6.19-1.1ubuntu1.9.04.1 since 1.6.19-1.1ubuntu1 is already in the
archive and higher than 1.6.19-1.1ubuntu0.9.04.1. The distro-numbering
is right on, though.
Yes, hardy's changelog appears to have the same partial patch mentioned,
so I assume it is vulnerable as well. I've just uploaded the merge for
Karmic, so I've closed the other bug too.
** Changed in: eggdrop (Ubuntu Karmic)
Status: In Progress => Fix Released
** Changed in: eggdrop (Ubun
You believe it affects Hardy, 1.6.18?
By the way, about Karmic, I have opened a request for merge: bug #377247
Should I close it?
--
eggdrop/windrop remote crash vulnerability
https://bugs.launchpad.net/bugs/377054
You received this bug notification because you are a member of Ubuntu
Bugs, which
Hi! Thanks very much for the debdiffs. There are a few suggestions I'd like
to make:
- the versioning is almost perfect, but needs to be higher than the existing
versions. Instead of 1.6.19-1.1ubuntu0.9.04.1, you'd want
1.6.19-1.1ubuntu1.9.04.1 since 1.6.19-1.1ubuntu1 is already in the archi
Does not seem to affect Dapper.
** Changed in: eggdrop (Ubuntu)
Status: Confirmed => In Progress
** Also affects: eggdrop (Ubuntu Dapper)
Importance: Undecided
Status: New
** Also affects: eggdrop (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: eggdr
** Attachment added: "eggdrop_jaunty.patch"
http://launchpadlibrarian.net/26811734/eggdrop_jaunty.patch
--
eggdrop/windrop remote crash vulnerability
https://bugs.launchpad.net/bugs/377054
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubunt
I hope these are ok. :)
I can't test them at the moment (maybe in about 4 days when I go back home).
The packages build fine:
https://launchpad.net/~medigeek/+archive/experimental/+sourcepub/631791/+listing-archive-extra
https://launchpad.net/~medigeek/+archive/experimental/+sourcepub/631790/+list
** Attachment added: "eggdrop_intrepid.patch"
http://launchpadlibrarian.net/26811732/eggdrop_intrepid.patch
--
eggdrop/windrop remote crash vulnerability
https://bugs.launchpad.net/bugs/377054
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to U
** Changed in: eggdrop (Ubuntu)
Status: Confirmed => In Progress
--
eggdrop/windrop remote crash vulnerability
https://bugs.launchpad.net/bugs/377054
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubu
** Changed in: eggdrop (Debian)
Status: Unknown => Fix Released
--
eggdrop/windrop remote crash vulnerability
https://bugs.launchpad.net/bugs/377054
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubun
I can try, but I'm not at home unfortunately, perhaps tomorrow - if
anyone wants to do this, be my guest! :)
--
eggdrop/windrop remote crash vulnerability
https://bugs.launchpad.net/bugs/377054
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubun
Thank you for using Ubuntu and taking the time to report a bug. This
package is in universe and is community supported. If you are able,
perhaps you could prepare debdiffs to fix this by following
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures.
** Visibility changed to: Public
** Changed
19 matches
Mail list logo
