Bug#601521: marked as done (irssi-plugin-silc vulnerable to CVE-2010-1156)

Thu, 28 Oct 2010 10:33:25 -0700 

Your message dated Thu, 28 Oct 2010 18:49:38 +0200
with message-id <20101028164938.gf21...@qamar>
and subject line Re: [Pkg-silc-devel] Bug#601521: irssi-plugin-silc vulnerable 
to CVE-2010-1156
has caused the Debian Bug report #601521,
regarding irssi-plugin-silc vulnerable to CVE-2010-1156
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
601521: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601521
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: irssi-plugin-silc
Version: 1.1.4-1+lenny
Severity: important
Tags: security

silc-client embeds irssi. irssi has this known vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156. I have
confirmed that the following patch has not been applied
http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126
.

--- End Message ---
--- Begin Message --- 
Version: 1.1.7-1

> silc-client embeds irssi. irssi has this known vulnerability
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156. I have
> confirmed that the following patch has not been applied
> http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126
> .

The embedded code copy is not used anymore since version 1.1.7-1.
Quoting debian/changelog:

  * Since Debian Policy 3.8.0, embedded code copy are officially not
    allowed in Debian anymore.  As it was a minor fork of irssi, the
    silc package providing the official SILC client has been
    discontinued.
  * Use a custom build system for the irssi plugin.  We now
    Build-Depends on irssi-dev instead of relying on irssi embedded code
    copy.  (Closes: #448186, #522080)
  * Remove extra symlinks for irssi plugin.  (Closes: #476177)
  * Ship the silc package as a transitional package which depends
    on irssi and irssi-plugin-silc and contains a NEWS file.

Lenny ships version 1.1.7-2 and Etch is unsupported at this time.
Nothing to act on, hence closing this bug.

Cheers,
-- 
Jérémy Bobbio                        .''`. 
[email protected]               : :   :             [email protected]
                                    `. `'` 
                                      `-

Attachment: signature.asc
Description: Digital signature


--- End Message ---

Reply via email to