Attaching the debdiff as well.
diff -Nru ircii-20190117/debian/changelog ircii-20190117/debian/changelog
--- ircii-20190117/debian/changelog     2019-02-21 05:35:56.000000000 +0100
+++ ircii-20190117/debian/changelog     2021-05-14 01:51:43.000000000 +0200
@@ -1,3 +1,13 @@
+ircii (20190117-1+deb10u1) buster; urgency=medium
+
+  * QA upload.
+  * Fix CVE-2021-29376: allows remote attackers to cause a denial of
+    service (segmentation fault and client crash, disconnecting
+    the victim from an IRC server) via a crafted CTCP UTC message.
+    Closes: 986214
+
+ -- Håvard Flaget Aasen <haavard_aa...@yahoo.no>  Fri, 14 May 2021 01:51:43 
+0200
+
 ircii (20190117-1) unstable; urgency=medium
 
   * QA upload.
diff -Nru ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 
ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch
--- ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 1970-01-01 
01:00:00.000000000 +0100
+++ ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 2021-05-14 
01:43:05.000000000 +0200
@@ -0,0 +1,44 @@
+From: Håvard Flaget Aasen <haavard_aa...@yahoo.no>
+Date: Thu, 13 May 2021 21:39:51 +0200
+Subject: Fix CVE-2021-29376
+
+CVE-2021-29376 allows remote attackers to cause a denial of service
+(segmentation fault and client crash, disconnecting the victim from an IRC
+server) via a crafted CTCP UTC message.
+
+Bug-Debian: https://bugs.debian.org/#986214
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-29376
+---
+ source/ctcp.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/source/ctcp.c b/source/ctcp.c
+index 1a714c6..c5ddde0 100644
+--- a/source/ctcp.c
++++ b/source/ctcp.c
+@@ -536,12 +536,23 @@ do_utc(CtcpEntry *ctcp, u_char *from, u_char *to, u_char 
*args)
+ {
+       time_t  tm;
+       u_char  *date = NULL;
++      char    *curtime;
+ 
+       if (!args || !*args)
+               return NULL;
+       tm = my_atol(args);
+-      malloc_strcpy(&date, UP(ctime(&tm)));
+-      date[my_strlen(date)-1] = '\0';
++      curtime = ctime(&tm);
++      if (curtime)
++      {
++              u_char *s = my_index(curtime, '\n');
++              if (s)
++                      *s = '\0';
++
++              malloc_strcpy(&date, UP(curtime));
++      }
++      else
++              /* if we can't find a time, just return the number */
++              malloc_strcpy(&date, args);
+       return date;
+ }
+ 
diff -Nru ircii-20190117/debian/patches/series 
ircii-20190117/debian/patches/series
--- ircii-20190117/debian/patches/series        2019-02-20 03:07:03.000000000 
+0100
+++ ircii-20190117/debian/patches/series        2021-05-14 01:40:45.000000000 
+0200
@@ -3,3 +3,4 @@
 0003-Add-ioption-to-local-include-paths-so-they-do-not-co.patch
 0004-absolute-path-for-motd-and-servers-file-and-other-de.patch
 0006-fix-some-spelling-errors.patch
+0009-Fix-CVE-2021-29376.patch

Reply via email to