Report forwarded
to debian-bugs-dist@lists.debian.org, Aurélien GÉRÔME <ag@roxor.cx>: Bug#550389; Package hybserv.
(Fri, 09 Oct 2009 19:15:05 GMT)
Acknowledgement sent
to Julien Cristau <jcristau@debian.org>:
New Bug report received and forwarded. Copy sent to Aurélien GÉRÔME <ag@roxor.cx>.
(Fri, 09 Oct 2009 19:15:06 GMT)
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: hybserv: misparsing when sent commands with tabs
Date: Fri, 9 Oct 2009 20:59:41 +0200
Package: hybserv
Version: 1.9.2-4
Severity: important
Tags: patch
Hi,
sending 'PRIVMSG memoserv :help \t' crashes hybserv.
GiveHelp is called with command="\t", so SplitBuf(command, &cav) at
helpserv.c:365 returns 0, and the next line calls strlcpy() with src ==
NULL.
I fixed this by replacing "while (*buf == ' ')" with "while
(IsSpace(*buf))" in mystring.c:145. This way the first parsing in
ms_process() returns 1, and m_help() calls GiveHelp with command ==
NULL, avoiding the crash.
All of mystring.c, memoserv.c and helpserv.c seem to be unchanged
between 1.9.2 and 1.9.4 so I'm pretty sure it's not fixed in any
upstream release.
Cheers,
Julien
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
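The control flow described in the report, modelled as an added example. This is illustrative code written for this page, not hybserv's source: split_buf(), give_help() and handle_privmsg() are stand-ins for SplitBuf(), GiveHelp() and ms_process()/m_help(), and the tokenizer is a simplified assumption about how SplitBuf works; only the two whitespace predicates, "while (*buf == ' ')" versus "while (IsSpace(*buf))", are taken from the report. In this model the stray second argument of "help \t" is the zero-length remainder left where the tab was, whereas the report shows GiveHelp receiving "\t"; either way the help handler gets a non-NULL command that tokenizes to nothing, and the vulnerable path uses cav[0] without checking the count. The NULL dereference is reported as a result code rather than triggered, so the model runs to completion. The block also shows the caller-side check (refusing to use cav[0] when the tokenizer returned 0) that makes the crash impossible independently of the tokenizer fix.

```c
/*
 * Model of the tab-handling crash reported as Debian #550389 (CVE-2010-0303).
 * Added illustration, not hybserv's code: split_buf(), give_help() and
 * handle_privmsg() are assumed names standing in for SplitBuf(), GiveHelp()
 * and ms_process()/m_help(); the tokenizer is a simplified guess at the
 * real one. Only the whitespace predicates mirror the bug report.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 16

enum help_result { NOT_A_HELP_COMMAND, HELP_INDEX, HELP_TOPIC, HELP_NULL_DEREF };

static char g_topic[64];                 /* topic the help handler selected */

const char *last_topic(void) { return g_topic; }

/* hybserv's IsSpace() is wider than ' '; modelled here as C isspace(). */
static int is_space(char c) { return isspace((unsigned char)c); }

/*
 * Tokenize 'buf' in place into argv[] and return the token count.
 * skip_all_ws = 0: separators skipped with "while (*buf == ' ')",
 *                  the vulnerable loop at mystring.c:145.
 * skip_all_ws = 1: "while (IsSpace(*buf))", the fix from the report.
 * A token ends at any whitespace character. Slots past argc stay NULL,
 * as they would in a zeroed allocation.
 */
int split_buf(char *buf, char **argv, int skip_all_ws)
{
    int argc = 0;
    memset(argv, 0, sizeof(char *) * MAX_ARGS);

    while (*buf && argc < MAX_ARGS) {
        if (skip_all_ws)
            while (is_space(*buf)) buf++;
        else
            while (*buf == ' ') buf++;   /* a tab is not skipped here */
        if (!*buf)
            break;
        argv[argc++] = buf;
        while (*buf && !is_space(*buf)) buf++;
        if (*buf)
            *buf++ = '\0';   /* space-only mode: a lone tab becomes a zero-length token */
    }
    return argc;
}

/* Copy 'text' (split_buf writes in place) and return only the token count. */
int count_tokens(const char *text, int skip_all_ws)
{
    char buf[256];
    char *av[MAX_ARGS];
    snprintf(buf, sizeof buf, "%s", text);
    return split_buf(buf, av, skip_all_ws);
}

/*
 * Help handler. 'command' is NULL for a bare HELP (show the index) or the
 * text after it. With check_argc = 0 it behaves like the code the report
 * describes at helpserv.c:365-366: cav[0] is used without looking at the
 * count, so a whitespace-only command reaches a strlcpy() with a NULL
 * source. The model reports that outcome instead of dereferencing NULL.
 */
enum help_result give_help(char *command, int skip_all_ws, int check_argc)
{
    char *cav[MAX_ARGS];
    int ac;

    g_topic[0] = '\0';
    if (command == NULL)
        return HELP_INDEX;
    ac = split_buf(command, cav, skip_all_ws);
    if (check_argc && ac == 0)       /* caller-side hardening */
        return HELP_INDEX;
    if (cav[0] == NULL)              /* where hybserv called strlcpy(dst, NULL, n) */
        return HELP_NULL_DEREF;
    snprintf(g_topic, sizeof g_topic, "%s", cav[0]);
    return HELP_TOPIC;
}

/* Model of ms_process()/m_help(): split the PRIVMSG text, pass av[1] or NULL. */
enum help_result handle_privmsg(const char *text, int skip_all_ws, int check_argc)
{
    char buf[256];
    char *av[MAX_ARGS];
    int ac;

    snprintf(buf, sizeof buf, "%s", text);
    ac = split_buf(buf, av, skip_all_ws);
    if (ac == 0 || strcmp(av[0], "help") != 0)
        return NOT_A_HELP_COMMAND;
    return give_help(ac > 1 ? av[1] : NULL, skip_all_ws, check_argc);
}

int main(void)
{
    /* constructed input: the trailing parameter of "PRIVMSG memoserv :help \t" */
    static const char *msg = "help \t";
    printf("shipped code:     %d (3 = would dereference NULL)\n", handle_privmsg(msg, 0, 0));
    printf("IsSpace skip:     %d (1 = help index)\n", handle_privmsg(msg, 1, 0));
    printf("argc check only:  %d (1 = help index)\n", handle_privmsg(msg, 0, 1));
    return 0;
}
```

handle_privmsg(msg, 0, 0) is the shipped behaviour and reports HELP_NULL_DEREF for "help \t": the first parse yields two tokens, the second of which is empty, and the second parse of that empty command returns 0 with cav[0] == NULL. With the IsSpace skip (1, 0) the first parse yields one token and the help handler sees command == NULL, which is the one-line fix proposed above. With only the argc check (0, 1) the second parse still returns 0 but the result is acted on before cav[0] is touched. Someone patching similar parser/consumer pairs would want both: a single definition of "whitespace" shared by the emptiness guard and the tokenizer, and a consumer that never indexes argv without checking argc.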
Severity set to 'grave' from 'important'
Request was from Steffen Joeris <white@debian.org>
to control@bugs.debian.org.
(Wed, 27 Jan 2010 22:36:04 GMT)
Added tag(s) security.
Request was from Steffen Joeris <white@debian.org>
to control@bugs.debian.org.
(Wed, 27 Jan 2010 22:36:06 GMT)
Information forwarded
to debian-bugs-dist@lists.debian.org, Aurélien GÉRÔME <ag@roxor.cx>: Bug#550389; Package hybserv.
(Fri, 29 Jan 2010 13:39:03 GMT)
Acknowledgement sent
to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Aurélien GÉRÔME <ag@roxor.cx>.
(Fri, 29 Jan 2010 13:39:03 GMT)
Hi
Please find attached the NMU patch for this issue and an issue with open
debconf file descriptors that left the postinst script hanging.
Cheers
Steffen
Information forwarded
to debian-bugs-dist@lists.debian.org, Aurélien GÉRÔME <ag@roxor.cx>: Bug#550389; Package hybserv.
(Fri, 29 Jan 2010 13:45:06 GMT)
Acknowledgement sent
to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Aurélien GÉRÔME <ag@roxor.cx>.
(Fri, 29 Jan 2010 13:45:06 GMT)
Source: hybserv
Source-Version: 1.9.2-4.1
We believe that the bug you reported is fixed in the latest version of
hybserv, which is due to be installed in the Debian FTP archive:
hybserv_1.9.2-4.1.diff.gz
to main/h/hybserv/hybserv_1.9.2-4.1.diff.gz
hybserv_1.9.2-4.1.dsc
to main/h/hybserv/hybserv_1.9.2-4.1.dsc
hybserv_1.9.2-4.1_i386.deb
to main/h/hybserv/hybserv_1.9.2-4.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 550389@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated hybserv package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 29 Jan 2010 14:30:27 +0100
Source: hybserv
Binary: hybserv
Architecture: source i386
Version: 1.9.2-4.1
Distribution: unstable
Urgency: high
Maintainer: Aurélien GÉRÔME <ag@roxor.cx>
Changed-By: Steffen Joeris <white@debian.org>
Description:
hybserv - IRC services for IRCD-Hybrid
Closes: 550389
Changes:
hybserv (1.9.2-4.1) unstable; urgency=high
.
* Non-maintainer upload by the security team
* Fix DoS via commands with tabs (Closes: #550389)
Fixes: CVE-2010-0303
* Add db_stop into hybserv.postinst to avoid that the postinst script
hangs due to open debconf file descriptors
Thanks to Julien Cristau
Checksums-Sha1:
7ced83be9e24e62d817c85af03a3942d6ab2336b 980 hybserv_1.9.2-4.1.dsc
e7dadf556b43cc4ed1c2ac279ac0afa20e2b1db1 12946 hybserv_1.9.2-4.1.diff.gz
8432987fde84342ddc728266dd3e0013bd7186c4 212000 hybserv_1.9.2-4.1_i386.deb
Checksums-Sha256:
339e87560ffd8c9dbf8d5eee839d6107043be6ee5ef70b798a0420893d2ffd57 980 hybserv_1.9.2-4.1.dsc
131ac9243089630ad556bce67ab4c1e4a387659616e57038623b0c22b217fee5 12946 hybserv_1.9.2-4.1.diff.gz
a6593da4598d2d9b1341c624cfc139d7d7995fbbf4fad8dff01e3246f489d18b 212000 hybserv_1.9.2-4.1_i386.deb
Files:
57bb4ed34dfb0bfd41e16d007819bf7c 980 net extra hybserv_1.9.2-4.1.dsc
f0c32f632f67779c7cfbb3d66ceea232 12946 net extra hybserv_1.9.2-4.1.diff.gz
c45860d825c29f039833381255efd821 212000 net extra hybserv_1.9.2-4.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkti5DEACgkQ62zWxYk/rQdArgCfa6/LAkDkqxDd2nzsLkxcEvbV
1okAn3TqILfkTdIYyrI3qtzrHheN0C8F
=e8ve
-----END PGP SIGNATURE-----
Reply sent
to Steffen Joeris <white@debian.org>:
You have taken responsibility.
(Mon, 01 Feb 2010 20:04:21 GMT)
Notification sent
to Julien Cristau <jcristau@debian.org>:
Bug acknowledged by developer.
(Mon, 01 Feb 2010 20:04:21 GMT)
Subject: Bug#550389: fixed in hybserv 1.9.2-4+lenny2
Date: Mon, 01 Feb 2010 19:52:36 +0000
Source: hybserv
Source-Version: 1.9.2-4+lenny2
We believe that the bug you reported is fixed in the latest version of
hybserv, which is due to be installed in the Debian FTP archive:
hybserv_1.9.2-4+lenny2.diff.gz
to main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz
hybserv_1.9.2-4+lenny2.dsc
to main/h/hybserv/hybserv_1.9.2-4+lenny2.dsc
hybserv_1.9.2-4+lenny2_i386.deb
to main/h/hybserv/hybserv_1.9.2-4+lenny2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 550389@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated hybserv package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 29 Jan 2010 14:21:54 +0100
Source: hybserv
Binary: hybserv
Architecture: source i386
Version: 1.9.2-4+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Aurélien GÉRÔME <ag@roxor.cx>
Changed-By: Steffen Joeris <white@debian.org>
Description:
hybserv - IRC services for IRCD-Hybrid
Closes: 550389
Changes:
hybserv (1.9.2-4+lenny2) stable-security; urgency=high
.
* Non-maintainer upload by the security team
* Fix DoS via commands with tabs (Closes: #550389)
Fixes: CVE-2010-0303
* Add db_stop to hybserv.postinst to make sure it doesn't hang due to
the open file descriptors by debconf
Thanks to Julien Cristau
Checksums-Sha1:
61da885044f8ff99cb2058566c002eaddab27f62 1000 hybserv_1.9.2-4+lenny2.dsc
f41caaad90e4a91dc088ccc05cf8fb1e4b438028 418829 hybserv_1.9.2.orig.tar.gz
cf25411dd39db36e41d62fc52d287a9ee4fe5737 12958 hybserv_1.9.2-4+lenny2.diff.gz
3f91402a6d854ba8431336bf6e1f126d44aca41c 210102 hybserv_1.9.2-4+lenny2_i386.deb
Checksums-Sha256:
404d70c737052583a3484ec654b4a99081380010c438487284bf8cd7eb04b011 1000 hybserv_1.9.2-4+lenny2.dsc
57ced45c09561851e0981bf09361644c2f6bfd2622e989715c3427d5dece3d39 418829 hybserv_1.9.2.orig.tar.gz
63a9c1bca4ec949f58d885973633184fe8a1612881b6f5e95be3483e34a70fc5 12958 hybserv_1.9.2-4+lenny2.diff.gz
67179604ccc9b540ad27e2d5518a85c4988162f24c55ab59d141cb24042808ae 210102 hybserv_1.9.2-4+lenny2_i386.deb
Files:
1e53e47576f3165f8dff86114b5fbf9d 1000 net extra hybserv_1.9.2-4+lenny2.dsc
b0ebd0027c2b858ef8db6f06ac0d284b 418829 net extra hybserv_1.9.2.orig.tar.gz
5af569d594f3208c96a3e02ee84ec4ba 12958 net extra hybserv_1.9.2-4+lenny2.diff.gz
3e6afd1df128671cf09fb5ccc0ad475b 210102 net extra hybserv_1.9.2-4+lenny2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkti5TMACgkQ62zWxYk/rQd7FgCfWjx0afIgl5S6KqckBrvz964H
OxUAmwaqiDCCWDvDZpwjUjaWEjOyoO+2
=cRVu
-----END PGP SIGNATURE-----
Reply sent
to Steffen Joeris <white@debian.org>:
You have taken responsibility.
(Tue, 23 Feb 2010 20:00:24 GMT)
Notification sent
to Julien Cristau <jcristau@debian.org>:
Bug acknowledged by developer.
(Tue, 23 Feb 2010 20:00:24 GMT)
Subject: Bug#550389: fixed in hybserv 1.9.2-4+etch1
Date: Tue, 23 Feb 2010 19:57:12 +0000
Source: hybserv
Source-Version: 1.9.2-4+etch1
We believe that the bug you reported is fixed in the latest version of
hybserv, which is due to be installed in the Debian FTP archive:
hybserv_1.9.2-4+etch1.diff.gz
to main/h/hybserv/hybserv_1.9.2-4+etch1.diff.gz
hybserv_1.9.2-4+etch1.dsc
to main/h/hybserv/hybserv_1.9.2-4+etch1.dsc
hybserv_1.9.2-4+etch1_i386.deb
to main/h/hybserv/hybserv_1.9.2-4+etch1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 550389@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated hybserv package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 29 Jan 2010 13:44:29 +0000
Source: hybserv
Binary: hybserv
Architecture: source i386
Version: 1.9.2-4+etch1
Distribution: oldstable-security
Urgency: high
Maintainer: Aurélien GÉRÔME <ag@roxor.cx>
Changed-By: Steffen Joeris <white@debian.org>
Description:
hybserv - IRC services for IRCD-Hybrid
Closes: 550389
Changes:
hybserv (1.9.2-4+etch1) oldstable-security; urgency=high
.
* Non-maintainer upload by the security team
* Fix DoS via commands with tabs (Closes: #550389)
Fixes: CVE-2010-0303
* Add db_stop to hybserv.postinst to avoid that the postinst script
hangs due to open debconf file descriptors
Thanks to Julien Cristau
Files:
58fad4dbd63b3a05377688d714ba82b2 606 net extra hybserv_1.9.2-4+etch1.dsc
9e34b664e63f7f6dce75719e5235a3a7 12958 net extra hybserv_1.9.2-4+etch1.diff.gz
220d062a2c67911191e9fa2727e1ab6b 212992 net extra hybserv_1.9.2-4+etch1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktjGbgACgkQ62zWxYk/rQcyOgCcD8pMhtCmOneCV/+ZiQeZQYLy
T+EAn027ZbQiAI31C29js/h9Es75ITPp
=7Vq5
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 27 Jun 2010 07:42:46 GMT)