Debian Bug report logs - #427157
CVE-2007-2807: stack-based buffer overflow

version graph

Package: eggdrop; Maintainer for eggdrop is Debian QA Group <packages@qa.debian.org>; Source for eggdrop is src:eggdrop.

Reported by: Florian Weimer <fw@deneb.enyo.de>

Date: Sat, 2 Jun 2007 07:51:01 UTC

Severity: grave

Tags: security

Found in version eggdrop/1.6.18-1

Fixed in version eggdrop/1.6.18-1.1

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, gpastore@debian.org (Guilherme de S. Pastore):
Bug#427157; Package eggdrop. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
New Bug report received and forwarded. Copy sent to gpastore@debian.org (Guilherme de S. Pastore). Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: submit@bugs.debian.org
Subject: CVE-2007-2807: stack-based buffer overflow
Date: Sat, 02 Jun 2007 09:50:18 +0200
Package: eggdrop
Version: 1.6.18-1
Severity: grave
Tags: security

A stack-based buffer overflow has been discovered in eggdrop:

http://www.eggheads.org/bugzilla/show_bug.cgi?id=462

Please mention the name CVE-2007-2807 in the changelog when fixing
this bug.



Information forwarded to debian-bugs-dist@lists.debian.org, gpastore@debian.org (Guilherme de S. Pastore):
Bug#427157; Package eggdrop. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to gpastore@debian.org (Guilherme de S. Pastore). Full text and rfc822 format available.

Message #10 received at 427157@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 427157@bugs.debian.org
Cc: fw@deneb.enyo.de
Subject: Re: CVE-2007-2807: stack-based buffer overflow
Date: Sun, 12 Aug 2007 17:59:48 +0200
[Message part 1 (text/plain, inline)]
Hi,
I intend to upload an NMU to fix this problem, attached is a 
patch which should fix CVE-2007-2807.

The patch is also archived on:
http://people.debian.org/~nion/nmu-diff/eggdrop-1.6.18-1_1.6.18-1.1.patch

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[eggdrop-1.6.18-1_1.6.18-1.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Florian Weimer <fw@deneb.enyo.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 427157-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 427157-close@bugs.debian.org
Subject: Bug#427157: fixed in eggdrop 1.6.18-1.1
Date: Mon, 13 Aug 2007 11:47:03 +0000
Source: eggdrop
Source-Version: 1.6.18-1.1

We believe that the bug you reported is fixed in the latest version of
eggdrop, which is due to be installed in the Debian FTP archive:

eggdrop-data_1.6.18-1.1_all.deb
  to pool/main/e/eggdrop/eggdrop-data_1.6.18-1.1_all.deb
eggdrop_1.6.18-1.1.diff.gz
  to pool/main/e/eggdrop/eggdrop_1.6.18-1.1.diff.gz
eggdrop_1.6.18-1.1.dsc
  to pool/main/e/eggdrop/eggdrop_1.6.18-1.1.dsc
eggdrop_1.6.18-1.1_i386.deb
  to pool/main/e/eggdrop/eggdrop_1.6.18-1.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 427157@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated eggdrop package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 12 Aug 2007 16:42:31 +0200
Source: eggdrop
Binary: eggdrop-data eggdrop
Architecture: source i386 all
Version: 1.6.18-1.1
Distribution: unstable
Urgency: high
Maintainer: Guilherme de S. Pastore <gpastore@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 eggdrop    - Advanced IRC Robot
 eggdrop-data - Architecture independent files for eggdrop
Closes: 427157
Changes: 
 eggdrop (1.6.18-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by secure testing team.
   * Fix for CVE-2007-2807 (01_CVE-2007-2807_srvmsg.patch) (Closes: #427157).
Files: 
 1040b0078f48b89928ec1c9e43d798dc 636 net extra eggdrop_1.6.18-1.1.dsc
 4181e8599032607c6699da75416d0f65 7617 net extra eggdrop_1.6.18-1.1.diff.gz
 7af19b2d784c4669e3d66aeefd2ba45a 409972 net extra eggdrop-data_1.6.18-1.1_all.deb
 7547e2c0e44ae3ccefe6c973a35ab8c4 462440 net extra eggdrop_1.6.18-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGwECQHYflSXNkfP8RAgYGAJ0ZyAe+g8IuL+ys1OZ5BtQT3FiRRACdEiHH
0QBFaiynC/GA9atjXkVsS2g=
=BBgt
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 09:22:31 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 19:41:07 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.