** Patch added: "Debian patch for fixing Denial of Service vulnerabilities." https://bugs.launchpad.net/bugs/913836/+attachment/2664467/+files/01-fix-bouncedcc-dos.diff
** Visibility changed to: Public ** Description changed: Vulnerability exists in bouncedcc module. Vulnerability will cause a crash when DCC RESUME is received. Upstream fix: https://github.com/znc/znc/commit/11508aa72efab4fad0dbd8292b9614d9371b20a9 Patch (from Debian): http://patch-tracker.debian.org/patch/series/view/znc/0.202-2/01-fix-bouncedcc-dos.diff Debian patch may need to be tweaked for Ubuntu, however I cannot confirm this (patch attached to bug anyways) + + + PACKAGES NEEDING FIXES: + Precise Universe + Oneiric Backports + Natty Backports (does not build, due to a bug blocking it) ** This bug is no longer flagged as a security vulnerability -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/913836 Title: ZNC 0.202: vulnerability in bouncedcc module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/znc/+bug/913836/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
