This bug was fixed in the package znc - 0.078-1ubuntu0.1
---------------
znc (0.078-1ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: denial of service caused by NULL pointer dereference
(LP: #1090195)
- debian/patches/cve-2010-2448.patch: modify znc.cpp to prevent NULL
pointer dereference. Based on upstream patch.
- CVE-2010-2448
- CVE-2010-2488
* SECURITY UPDATE: denial of service caused by PING command without
arguments (LP: #1090195)
- debian/patches/cve-2010-2812.patch: modify Client.cpp to correctly
handle PING commands that have no arguments. Based on upstream patch.
- CVE-2010-2812
* SECURITY UPDATE: denial of service via unknown vectors related to
"unsafe substr() calls" (LP: #1090195)
- debian/patches/cve-2010-2934.patch: modify IRCSock.cpp,
modules/adminlog.cpp, modules/away.cpp, and modules/email.cpp to
remove unsafe substr() calls. Based on upstream patch.
- CVE-2010-2934
-- Thomas Ward <[email protected]> Tue, 18 Dec 2012 06:29:44 +0000
** Changed in: znc (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1090195
Title:
ZNC security report: CVEs for Lucid, Hardy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1090195/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
