Debian Bug report logs - #528778
eggdrop: incomplete patch for CVE-2007-2807

version graph

Package: eggdrop; Maintainer for eggdrop is Debian QA Group <packages@qa.debian.org>; Source for eggdrop is src:eggdrop.

Reported by: Nico Golde <nion@debian.org>

Date: Fri, 15 May 2009 12:21:04 UTC

Severity: grave

Tags: security

Fixed in versions 1.6.19-1.2, eggdrop/1.6.18-1etch2, eggdrop/1.6.19-1.1+lenny1

Done: Sebastien Delafond <seb@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, gpastore@debian.org (Guilherme de S. Pastore):
Bug#528778; Package eggdrop. (Fri, 15 May 2009 12:21:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, gpastore@debian.org (Guilherme de S. Pastore). (Fri, 15 May 2009 12:21:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: eggdrop: incomplete patch for CVE-2007-2807
Date: Fri, 15 May 2009 14:18:26 +0200
Package: eggdrop
Severity: grave
Tags: security
Justification: user security hole

Hi,
turns out my patch has a bug in it which opens this up for a
buffer overflow again in case strlen(ctcpbuf) returns 0:
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/68341


Too bad noone noticed that before.
I am going to upload a 0-day NMU now to fix this.

debdiff available on:
http://people.debian.org/~nion/nmu-diff/eggdrop-1.6.19-1.1_1.6.19-1.2.patch

(includes the wrong bug number to close as I tried to reopen it fist but it failed because it was already archived).

Cheers
Nico




Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Fri, 15 May 2009 12:30:04 GMT) Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 15 May 2009 12:30:04 GMT) Full text and rfc822 format available.

Message #10 received at 528778-done@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 528778-done@bugs.debian.org
Subject: closing
Date: Fri, 15 May 2009 14:26:08 +0200
[Message part 1 (text/plain, inline)]
Version: 1.6.19-1.2


-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, gpastore@debian.org (Guilherme de S. Pastore):
Bug#528778; Package eggdrop. (Fri, 15 May 2009 16:54:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to gpastore@debian.org (Guilherme de S. Pastore). (Fri, 15 May 2009 16:54:02 GMT) Full text and rfc822 format available.

Message #15 received at 528778@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: Nico Golde <nion@debian.org>, 528778@bugs.debian.org
Subject: Re: [Secure-testing-team] Bug#528778: eggdrop: incomplete patch for CVE-2007-2807
Date: Fri, 15 May 2009 12:53:24 -0400
On Fri, 15 May 2009 14:18:26 +0200, Nico Golde wrote:
> Package: eggdrop
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi,
> turns out my patch has a bug in it which opens this up for a
> buffer overflow again in case strlen(ctcpbuf) returns 0:
> http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/68341
> 
> 
> Too bad noone noticed that before.
> I am going to upload a 0-day NMU now to fix this.
> 
> debdiff available on:
> http://people.debian.org/~nion/nmu-diff/eggdrop-1.6.19-1.1_1.6.19-1.2.patch
> 
> (includes the wrong bug number to close as I tried to reopen it fist but it failed because it was already archived).
> 
> Cheers
> Nico

does this mean that DSA-1448 needs to be reissued?  and is that in the
works?  should the etch fixed version get removed from the DSA list to
reindicate that etch is vulnerable?

mike




Information forwarded to debian-bugs-dist@lists.debian.org, gpastore@debian.org (Guilherme de S. Pastore):
Bug#528778; Package eggdrop. (Fri, 15 May 2009 19:00:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to gpastore@debian.org (Guilherme de S. Pastore). (Fri, 15 May 2009 19:00:07 GMT) Full text and rfc822 format available.

Message #20 received at 528778@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Cc: 528778@bugs.debian.org, secure-testing-team@lists.alioth.debian.org
Subject: Re: [Secure-testing-team] Bug#528778: eggdrop: incomplete patch for CVE-2007-2807
Date: Fri, 15 May 2009 20:52:49 +0200
[Message part 1 (text/plain, inline)]
Hi,
* Michael S. Gilbert <michael.s.gilbert@gmail.com> [2009-05-15 19:45]:
> On Fri, 15 May 2009 14:18:26 +0200, Nico Golde wrote:
[...] 
> > turns out my patch has a bug in it which opens this up for a
> > buffer overflow again in case strlen(ctcpbuf) returns 0:
> > http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/68341
> > 
> > 
> > Too bad noone noticed that before.
> > I am going to upload a 0-day NMU now to fix this.
> > 
> > debdiff available on:
> > http://people.debian.org/~nion/nmu-diff/eggdrop-1.6.19-1.1_1.6.19-1.2.patch
> > 
> > (includes the wrong bug number to close as I tried to reopen it fist but it failed because it was already archived).
> 
> does this mean that DSA-1448 needs to be reissued?

Yes

> and is that in the works?

No

> should the etch fixed version get removed from the DSA 
> list to reindicate that etch is vulnerable?

No there will be a -2 DSA if any that reflects the previous 
fix being incomplete.

Cheers
Nico
P.S. this belongs on the testing-security team mailing list 
and not to the BTS.

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Reply sent to Sebastien Delafond <seb@debian.org>:
You have taken responsibility. (Sat, 04 Jul 2009 14:24:03 GMT) Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Sat, 04 Jul 2009 14:24:03 GMT) Full text and rfc822 format available.

Message #25 received at 528778-close@bugs.debian.org (full text, mbox):

From: Sebastien Delafond <seb@debian.org>
To: 528778-close@bugs.debian.org
Subject: Bug#528778: fixed in eggdrop 1.6.18-1etch2
Date: Sat, 04 Jul 2009 13:54:32 +0000
Source: eggdrop
Source-Version: 1.6.18-1etch2

We believe that the bug you reported is fixed in the latest version of
eggdrop, which is due to be installed in the Debian FTP archive:

eggdrop-data_1.6.18-1etch2_all.deb
  to pool/main/e/eggdrop/eggdrop-data_1.6.18-1etch2_all.deb
eggdrop_1.6.18-1etch2.diff.gz
  to pool/main/e/eggdrop/eggdrop_1.6.18-1etch2.diff.gz
eggdrop_1.6.18-1etch2.dsc
  to pool/main/e/eggdrop/eggdrop_1.6.18-1etch2.dsc
eggdrop_1.6.18-1etch2_i386.deb
  to pool/main/e/eggdrop/eggdrop_1.6.18-1etch2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 528778@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <seb@debian.org> (supplier of updated eggdrop package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 22 Jun 2009 12:53:51 +0200
Source: eggdrop
Binary: eggdrop-data eggdrop
Architecture: source i386 all
Version: 1.6.18-1etch2
Distribution: oldstable-security
Urgency: high
Maintainer: Guilherme de S. Pastore <gpastore@debian.org>
Changed-By: Sebastien Delafond <seb@debian.org>
Description: 
 eggdrop    - Advanced IRC Robot
 eggdrop-data - Architecture independent files for eggdrop
Closes: 528778
Changes: 
 eggdrop (1.6.18-1etch2) oldstable-security; urgency=high
 .
   * Security: Fix buffer overflow in case strlen(ctcpbuf) returns zero
     (Closes: #528778).
     Fixes: CVE-2009-1789
 .
   * Security: actually apply patch from 1.6.18-1etch1, that somehow got
     messed up and was never applied to mod/server.mod/servrmsg.c.
     Fixes: CVE-2007-2807
Files: 
 594b4749b9ec89f7d369643895710ad8 650 net extra eggdrop_1.6.18-1etch2.dsc
 1a18e0a558c7de704c220e6ed0f14bff 8016 net extra eggdrop_1.6.18-1etch2.diff.gz
 5f8afe289ebefcc7921fc1a9189c7efd 413124 net extra eggdrop-data_1.6.18-1etch2_all.deb
 945bb805188e10c0ce96e0b5d2295deb 475340 net extra eggdrop_1.6.18-1etch2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAko/aTwACgkQiZgNKcDdyD+VDQCfXb8AyKNp25xSUrrOA309Q8Cs
XZAAnjfklqbOMMnWIp1aSqKDoOGgcqF5
=Sr2l
-----END PGP SIGNATURE-----





Reply sent to Sebastien Delafond <seb@debian.org>:
You have taken responsibility. (Sat, 04 Jul 2009 14:24:05 GMT) Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Sat, 04 Jul 2009 14:24:05 GMT) Full text and rfc822 format available.

Message #30 received at 528778-close@bugs.debian.org (full text, mbox):

From: Sebastien Delafond <seb@debian.org>
To: 528778-close@bugs.debian.org
Subject: Bug#528778: fixed in eggdrop 1.6.19-1.1+lenny1
Date: Sat, 04 Jul 2009 13:54:28 +0000
Source: eggdrop
Source-Version: 1.6.19-1.1+lenny1

We believe that the bug you reported is fixed in the latest version of
eggdrop, which is due to be installed in the Debian FTP archive:

eggdrop-data_1.6.19-1.1+lenny1_all.deb
  to pool/main/e/eggdrop/eggdrop-data_1.6.19-1.1+lenny1_all.deb
eggdrop_1.6.19-1.1+lenny1.diff.gz
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.diff.gz
eggdrop_1.6.19-1.1+lenny1.dsc
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.dsc
eggdrop_1.6.19-1.1+lenny1_i386.deb
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 528778@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <seb@debian.org> (supplier of updated eggdrop package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 22 Jun 2009 12:54:48 +0200
Source: eggdrop
Binary: eggdrop eggdrop-data
Architecture: source all i386
Version: 1.6.19-1.1+lenny1
Distribution: stable-security
Urgency: medium
Maintainer: Guilherme de S. Pastore <gpastore@debian.org>
Changed-By: Sebastien Delafond <seb@debian.org>
Description: 
 eggdrop    - Advanced IRC Robot
 eggdrop-data - Architecture independent files for eggdrop
Closes: 528778
Changes: 
 eggdrop (1.6.19-1.1+lenny1) stable-security; urgency=medium
 .
   * Security: fix buffer overflow in case strlen(ctcpbuf) returns zero
     (Closes: #528778).
     Fixes: CVE-2007-2807
Checksums-Sha1: 
 708fb1b00bcd15562a9a854215f95ef7430996b8 1083 eggdrop_1.6.19-1.1+lenny1.dsc
 74132ca6212a687457cb28c39fa111ae15032203 1033152 eggdrop_1.6.19.orig.tar.gz
 4abb94aed90ab59a345292ffc9d88dd471a5dff8 17603 eggdrop_1.6.19-1.1+lenny1.diff.gz
 e319d710b5fbfd6c4d1f2b3184fed0cfd4fdef8c 412066 eggdrop-data_1.6.19-1.1+lenny1_all.deb
 30785a0a7b6a4dceb9f864d1c8c3da881d07149b 468618 eggdrop_1.6.19-1.1+lenny1_i386.deb
Checksums-Sha256: 
 7f5d92230ddbbc37d084b46133e34bd88916dab47b482d7029ef0b25be763a3b 1083 eggdrop_1.6.19-1.1+lenny1.dsc
 868ff02cd9af2973f202f1abedcc7c88a936be645d3fe19fee64e0d02c6d2e6e 1033152 eggdrop_1.6.19.orig.tar.gz
 84540808a69f47a0507bdf944704445e2a90d37b96927b1949b2746c83d6fe88 17603 eggdrop_1.6.19-1.1+lenny1.diff.gz
 b61c2657060ae7082164897c8f162b15928ce924942da699ab09b4d27c560b5b 412066 eggdrop-data_1.6.19-1.1+lenny1_all.deb
 758c57b93f6bdd24c0097dbe509f16c1bccdaba5c400281ce786741c8a7b25fd 468618 eggdrop_1.6.19-1.1+lenny1_i386.deb
Files: 
 0fbb3a99c0027705fd9459ff03fce710 1083 net extra eggdrop_1.6.19-1.1+lenny1.dsc
 4d89a901e95f0f9937f4ffac783d55d8 1033152 net extra eggdrop_1.6.19.orig.tar.gz
 73742e8b01487405d815296f5fb91a58 17603 net extra eggdrop_1.6.19-1.1+lenny1.diff.gz
 7e5a850e026fe53cfade4e6dd43948af 412066 net extra eggdrop-data_1.6.19-1.1+lenny1_all.deb
 1231dad4cd3f847298efd9c453ec7a67 468618 net extra eggdrop_1.6.19-1.1+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpHZBUACgkQiZgNKcDdyD+U+gCghm6MNv80BHHa2/QwrOvdUvVH
FIgAnRcMRq4JVXDhtR+rf3Uv3AX7RDEf
=oWCT
-----END PGP SIGNATURE-----





Reply sent to Sebastien Delafond <seb@debian.org>:
You have taken responsibility. (Fri, 04 Sep 2009 19:15:24 GMT) Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 04 Sep 2009 19:15:24 GMT) Full text and rfc822 format available.

Message #35 received at 528778-close@bugs.debian.org (full text, mbox):

From: Sebastien Delafond <seb@debian.org>
To: 528778-close@bugs.debian.org
Subject: Bug#528778: fixed in eggdrop 1.6.19-1.1+lenny1
Date: Fri, 04 Sep 2009 18:31:53 +0000
Source: eggdrop
Source-Version: 1.6.19-1.1+lenny1

We believe that the bug you reported is fixed in the latest version of
eggdrop, which is due to be installed in the Debian FTP archive:

eggdrop-data_1.6.19-1.1+lenny1_all.deb
  to pool/main/e/eggdrop/eggdrop-data_1.6.19-1.1+lenny1_all.deb
eggdrop_1.6.19-1.1+lenny1.diff.gz
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.diff.gz
eggdrop_1.6.19-1.1+lenny1.dsc
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.dsc
eggdrop_1.6.19-1.1+lenny1_i386.deb
  to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 528778@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <seb@debian.org> (supplier of updated eggdrop package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 22 Jun 2009 12:54:48 +0200
Source: eggdrop
Binary: eggdrop eggdrop-data
Architecture: source all i386
Version: 1.6.19-1.1+lenny1
Distribution: stable-security
Urgency: medium
Maintainer: Guilherme de S. Pastore <gpastore@debian.org>
Changed-By: Sebastien Delafond <seb@debian.org>
Description: 
 eggdrop    - Advanced IRC Robot
 eggdrop-data - Architecture independent files for eggdrop
Closes: 528778
Changes: 
 eggdrop (1.6.19-1.1+lenny1) stable-security; urgency=medium
 .
   * Security: fix buffer overflow in case strlen(ctcpbuf) returns zero
     (Closes: #528778).
     Fixes: CVE-2007-2807
Checksums-Sha1: 
 708fb1b00bcd15562a9a854215f95ef7430996b8 1083 eggdrop_1.6.19-1.1+lenny1.dsc
 74132ca6212a687457cb28c39fa111ae15032203 1033152 eggdrop_1.6.19.orig.tar.gz
 4abb94aed90ab59a345292ffc9d88dd471a5dff8 17603 eggdrop_1.6.19-1.1+lenny1.diff.gz
 e319d710b5fbfd6c4d1f2b3184fed0cfd4fdef8c 412066 eggdrop-data_1.6.19-1.1+lenny1_all.deb
 30785a0a7b6a4dceb9f864d1c8c3da881d07149b 468618 eggdrop_1.6.19-1.1+lenny1_i386.deb
Checksums-Sha256: 
 7f5d92230ddbbc37d084b46133e34bd88916dab47b482d7029ef0b25be763a3b 1083 eggdrop_1.6.19-1.1+lenny1.dsc
 868ff02cd9af2973f202f1abedcc7c88a936be645d3fe19fee64e0d02c6d2e6e 1033152 eggdrop_1.6.19.orig.tar.gz
 84540808a69f47a0507bdf944704445e2a90d37b96927b1949b2746c83d6fe88 17603 eggdrop_1.6.19-1.1+lenny1.diff.gz
 b61c2657060ae7082164897c8f162b15928ce924942da699ab09b4d27c560b5b 412066 eggdrop-data_1.6.19-1.1+lenny1_all.deb
 758c57b93f6bdd24c0097dbe509f16c1bccdaba5c400281ce786741c8a7b25fd 468618 eggdrop_1.6.19-1.1+lenny1_i386.deb
Files: 
 0fbb3a99c0027705fd9459ff03fce710 1083 net extra eggdrop_1.6.19-1.1+lenny1.dsc
 4d89a901e95f0f9937f4ffac783d55d8 1033152 net extra eggdrop_1.6.19.orig.tar.gz
 73742e8b01487405d815296f5fb91a58 17603 net extra eggdrop_1.6.19-1.1+lenny1.diff.gz
 7e5a850e026fe53cfade4e6dd43948af 412066 net extra eggdrop-data_1.6.19-1.1+lenny1_all.deb
 1231dad4cd3f847298efd9c453ec7a67 468618 net extra eggdrop_1.6.19-1.1+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpHZBUACgkQiZgNKcDdyD+U+gCghm6MNv80BHHa2/QwrOvdUvVH
FIgAnRcMRq4JVXDhtR+rf3Uv3AX7RDEf
=oWCT
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Oct 2009 07:45:47 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 16:10:03 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.