** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1247888
Title:
bip crash with "FATAL: Failed assetion in src/irc.c(2447): n
To manage notifications about this bug go
** Tags removed: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1247888
Title:
bip crash with FATAL: Failed assetion in src/irc.c(2447): n
To manage notifications about this bug
So the patch appears to have fixed the failed assertion, but the source of the
problem still appears to have been a file descriptor leak. Discussed upstream
here.
https://projects.duckcorp.org/issues/261
I'm now testing with this additional fix. And things appear to be
fixed. I'm not longer
I'm fairly certain this issue is being caused by time warner *(or an
attacker with a time warner IP) port scanning my machine. It's
connecting to the port, failing the ssl handshake, and bip leaks the FD.
Not sure if the SRU team or the security team wants to take the fix.
** Changed in: bip
As this can be considered a DoS vulnerability here are the debdiffs for
q, r, and s as well. Trusty already has this fix.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1247888
Title:
bip crash
** Patch added: lp1247888.raring.debdiff
https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888/+attachment/3903373/+files/lp1247888.raring.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: lp1247888.saucy.debdiff
https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888/+attachment/3903375/+files/lp1247888.saucy.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: lp1247888.quantal.debdiff
https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888/+attachment/3903372/+files/lp1247888.quantal.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
ACK on the debdiffs. I will push them as security updates with some
minor changelog changes. Thanks!
** Also affects: bip (Ubuntu Quantal)
Importance: Undecided
Status: New
** Also affects: bip (Ubuntu Raring)
Importance: Undecided
Status: New
** Also affects: bip (Ubuntu
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4550
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1247888
Title:
bip crash with FATAL: Failed assetion in src/irc.c(2447): n
This bug was fixed in the package bip - 0.8.8-1ubuntu0.3
---
bip (0.8.8-1ubuntu0.3) precise-security; urgency=low
* SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
socket, and never close the connection. (LP: #1247888)
-
This bug was fixed in the package bip - 0.8.8-2ubuntu0.13.04.1
---
bip (0.8.8-2ubuntu0.13.04.1) raring-security; urgency=low
* SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
socket, and never close the connection. (LP: #1247888)
-
This bug was fixed in the package bip - 0.8.8-2ubuntu1.1
---
bip (0.8.8-2ubuntu1.1) saucy-security; urgency=low
* SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
socket, and never close the connection. (LP: #1247888)
-
This bug was fixed in the package bip - 0.8.8-2ubuntu0.12.10.1
---
bip (0.8.8-2ubuntu0.12.10.1) quantal-security; urgency=low
* SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
socket, and never close the connection. (LP: #1247888)
-
Since this is a security fix, it needs to be built and released in the
-security pocket.
I have rebuilt this as a security update, and have released it,
superseding the -proposed package.
Thanks!
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-0806
--
You received this
Well sorry to burst everyone's bubble, but my bip server just crashed
again this morning.
The end of the log looks like this
05-11-2013 10:26:04 ERROR: Error in SSL handshake.
05-11-2013 10:26:04 ERROR: Error on fd 35 (state 3)
05-11-2013 10:26:04 ERROR: client read_lines error, closing...
Hello Dave, or anyone else affected,
Accepted bip into precise-proposed. The package will build now and be
available at http://launchpad.net/ubuntu/+source/bip/0.8.8-1ubuntu0.1 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Branch linked: lp:~ubuntu-branches/ubuntu/precise/bip/precise-
proposed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1247888
Title:
bip crash with FATAL: Failed assetion in src/irc.c(2447): n
The proposed package is now installed on my server machine. I will
verify in a week if any more crashes have occurred.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1247888
Title:
bip crash with
Hi Stéphane - this should go through precise-security instead of
precise-updates. Can we put a stop on the SRU process and allow a
security team member sponsor this for precise-security?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Here is the debdiff that contains the CVE backport from quantal.
** Patch added: lp1247888.precise.debdiff
https://bugs.launchpad.net/ubuntu/+source/bip/+bug/1247888/+attachment/3899962/+files/lp1247888.precise.debdiff
--
You received this bug notification because you are a member of Ubuntu
I'm currently running with the above debdiff on my server, and all
appears to be going well.
** Description changed:
+ [Impact]
+
+ * Bip crashes with FATAL: Failed assetion in src/irc.c(2447): n in
+ log
+
+ * Current version of bip in precise is vulnerable to the following CVE
+
** Also affects: bip (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: bip (Ubuntu Precise)
Assignee: (unassigned) = Dave Chiluk (chiluk)
** Changed in: bip (Ubuntu Precise)
Status: New = In Progress
** Changed in: bip (Ubuntu Precise)
Importance:
Uploaded with a few modifications.
** Patch added: lp1247888.precise.debdiff
https://bugs.launchpad.net/ubuntu/+source/bip/+bug/1247888/+attachment/3900269/+files/lp1247888.precise.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
24 matches
Mail list logo