Package : inspircd Version : 1.1.22+dfsg-4+squeeze3 CVE ID : CVE-2015-8702 Debian Bug : 668253
It was discovered that InspIRCd did not validate the names in DNS responses before using them in inter-server communication. A remote attacker controlling the reverse DNS server for an IRC client could use this for denial of service or possibly for privilege escalation on the IRC network. InspIRCd appears to have been completely unusable since version 1.1.22+dfsg-4+squeeze1 due to a bug in its build system triggered by (e)glibc versions newer than 2.9. This has also been fixed. -- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
signature.asc
Description: This is a digitally signed message part