Your message dated Sat, 5 Jan 2008 14:01:16 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#451875 closed by Steffen Joeris <[EMAIL PROTECTED]> (patch
included)
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: ngircd
Version: 0.10.0-2
Severity: important
Tags: security
Hi,
according to the ngircd homepage there's an issue in ngircd before
0.10.3:
| ngIRCd-versions previous to 0.10.3 comprise an error which can be used
| (also by remote) to crash the daemon. All installations should be
| updated to version 0.10.3 or subsequent versions.
Can you please check whether the etch version of ngircd is affected
(I'd be really surprised if not) and prepare an according update? The
diff between 0.10.2 and 0.10.3 is quite short and seems to apply.
Christoph
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.23.8
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages ngircd depends on:
ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii libssp0 4.1.1-21 GCC stack smashing protection libr
ngircd recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
fixed 451875 0.10.3-1
thanks
On Sat, 5 Jan 2008 01:54:41 pm Christoph Biedl wrote:
> reopen 451875
> quit
The stable security team is aware of that issue, as it is in the security
tracker[0].
By the way, this is marked as a minor issue and there won't be a DSA just for
this issue. It can maybe be fixed with a stable upload in a point release,
which needs to be checked with the release team.
I've marked the bug as fixed with the version specified in the security
tracker and the BTS knows about versioning, so there is no point in having an
open bug for stable.
> Steffen Joeris wrote:
> > Patch is included in current sid version, thus closing this bug.
>
> Read the bug report from the very beginning. The problem is the stable
> release of ngircd. Thus reopening.
>
> Not amused.
Not amused either.
Cheers
Steffen
[0]: http://security-tracker.debian.net/tracker/
--- End Message ---