On Mon, Oct 08, 2007 at 11:55:20PM +0200, Nico Golde wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for dircproxy.
>
> CVE-2007-5226[0]:
> | irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to
> | cause a denial of service (segmentation fault) via an ACTION command
> | without a parameter, which triggers a NULL pointer dereference, as
> | demonstrated using a blank /me message from irssi.
>
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
>
> The null pointer dereference itself is not that big kind of
> a problem here but since this also means to lose the data
> you want to read while you are away I mark this as grave.

Thanks Nico and Steffen.

Security team: this bug is also present in stable and oldstable.
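The defensive check for the bug class the CVE describes, as an added example that is not part of the original thread and is not dircproxy's code: a CTCP ACTION parser that represents a missing parameter as NULL and guards it before use. The function names, buffer sizes and log-line format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Split "\001CMD [args]\001" in place (hypothetical helper). Returns 0 on
 * success; *arg is NULL when the command arrived without a parameter. */
static int ctcp_split(char *msg, char **cmd, char **arg)
{
    size_t len = strlen(msg);
    char *sp;

    if (len < 3 || msg[0] != '\001' || msg[len - 1] != '\001')
        return -1;                      /* not a delimited CTCP message */
    msg[len - 1] = '\0';                /* drop the trailing delimiter */
    *cmd = msg + 1;
    sp = strchr(*cmd, ' ');
    if (sp)
        *sp++ = '\0';                   /* terminate the command name */
    *arg = (sp && *sp) ? sp : NULL;     /* NULL for "\001ACTION\001" */
    return **cmd ? 0 : -1;              /* reject an empty command name */
}

/* Build the log line for a CTCP ACTION, or return NULL if the payload is
 * not one. Returns a static buffer (assumed single-threaded demo). */
const char *action_log_line(const char *nick, const char *payload)
{
    static char line[600];
    char copy[512];
    char *cmd, *arg;

    if (!nick || !payload || strlen(payload) >= sizeof copy)
        return NULL;
    strcpy(copy, payload);              /* length checked just above */
    if (ctcp_split(copy, &cmd, &arg) != 0 || strcmp(cmd, "ACTION") != 0)
        return NULL;
    /* The guard: a missing parameter is logged as empty text instead of
     * being handed to a string function as a NULL pointer. */
    snprintf(line, sizeof line, "* %s %s", nick, arg ? arg : "");
    return line;
}

int main(void)
{
    /* Constructed payloads: normal /me, blank /me, and a non-CTCP message. */
    const char *s[] = { "\001ACTION waves\001", "\001ACTION\001", "hello" };
    for (int i = 0; i < 3; i++) {
        const char *l = action_log_line("alice", s[i]);
        puts(l ? l : "(not an ACTION)");
    }
    return 0;
}
```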

