Package: charybdis Followup-For: Bug #697092 Hi,
attaching proposed debdiff containing the upstream patch as well an updated debian/changelog for an NMU. Would be willing to do the NMU if no one else volunteers. Cheers, Adrian
diff -Nru charybdis-3.3.0/debian/changelog charybdis-3.3.0-CVE-2012-6084/debian/changelog --- charybdis-3.3.0/debian/changelog 2011-11-30 00:17:54.000000000 +0100 +++ charybdis-3.3.0-CVE-2012-6084/debian/changelog 2013-01-02 20:58:33.748765147 +0100 @@ -1,3 +1,11 @@ +charybdis (3.3.0-7.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix remote denial of service vulnerability + CVE-2012-6084 (Closes: #697092). + + -- John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> Wed, 02 Jan 2013 20:57:36 +0100 + charybdis (3.3.0-7) unstable; urgency=low * patch: default NICKLEN to 30 to fit a commonly used value and the new diff -Nru charybdis-3.3.0/debian/patches/CVE-2012-6084.patch charybdis-3.3.0-CVE-2012-6084/debian/patches/CVE-2012-6084.patch --- charybdis-3.3.0/debian/patches/CVE-2012-6084.patch 1970-01-01 01:00:00.000000000 +0100 +++ charybdis-3.3.0-CVE-2012-6084/debian/patches/CVE-2012-6084.patch 2013-01-02 20:57:08.790958689 +0100 @@ -0,0 +1,26 @@ +From ac0707aa61d9c20e9b09062294701567c9f41595 Mon Sep 17 00:00:00 2001 +From: William Pitcock <neno...@dereferenced.org> +Date: Mon, 31 Dec 2012 13:13:05 -0600 +Subject: [PATCH] m_capab: fix a possible remote crash triggered by the CAPAB + parsing code. + +--- + modules/m_capab.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/m_capab.c b/modules/m_capab.c +index 54e9a53..b03fb3f 100644 +--- a/modules/m_capab.c ++++ b/modules/m_capab.c +@@ -38,7 +38,7 @@ + + struct Message capab_msgtab = { + "CAPAB", 0, 0, 0, MFLG_SLOW | MFLG_UNREG, +- {{mr_capab, 0}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore} ++ {{mr_capab, 2}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore} + }; + struct Message gcap_msgtab = { + "GCAP", 0, 0, 0, MFLG_SLOW, +-- +1.7.10 + diff -Nru charybdis-3.3.0/debian/patches/series charybdis-3.3.0-CVE-2012-6084/debian/patches/series --- charybdis-3.3.0/debian/patches/series 2011-11-30 00:17:54.000000000 +0100 +++ charybdis-3.3.0-CVE-2012-6084/debian/patches/series 2013-01-02 20:57:31.618369271 +0100 @@ -5,3 +5,4 @@ no-rpath cleanup-bandb-properly default_nicklen +CVE-2012-6084.patch diff -Nru charybdis-3.3.0/debian/patches/series~ charybdis-3.3.0-CVE-2012-6084/debian/patches/series~ --- charybdis-3.3.0/debian/patches/series~ 1970-01-01 01:00:00.000000000 +0100 +++ charybdis-3.3.0-CVE-2012-6084/debian/patches/series~ 2011-11-30 00:17:54.000000000 +0100 @@ -0,0 +1,7 @@ +fix-paths +ircd.conf +no_hardcoded_bandb_dpath +non-static-sqlite +no-rpath +cleanup-bandb-properly +default_nicklen