Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package charybdis

Version 3.3.0-7.1 contains just one additional patch fixing the vulnerability CVE-2012-6084 [1]. I am attaching the debdiff.

Cheers,

Adrian

> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697092

unblock charybdis/3.3.0-7.1

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru charybdis-3.3.0/debian/changelog charybdis-3.3.0-CVE-2012-6084/debian/changelog --- charybdis-3.3.0/debian/changelog 2011-11-30 00:17:54.000000000 +0100 +++ charybdis-3.3.0-CVE-2012-6084/debian/changelog 2013-01-02 20:58:33.748765147 +0100 @@ -1,3 +1,11 @@ +charybdis (3.3.0-7.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix remote denial of service vulnerability + CVE-2012-6084 (Closes: #697092). + + -- John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> Wed, 02 Jan 2013 20:57:36 +0100 + charybdis (3.3.0-7) unstable; urgency=low * patch: default NICKLEN to 30 to fit a commonly used value and the new diff -Nru charybdis-3.3.0/debian/patches/CVE-2012-6084.patch charybdis-3.3.0-CVE-2012-6084/debian/patches/CVE-2012-6084.patch --- charybdis-3.3.0/debian/patches/CVE-2012-6084.patch 1970-01-01 01:00:00.000000000 +0100 +++ charybdis-3.3.0-CVE-2012-6084/debian/patches/CVE-2012-6084.patch 2013-01-02 20:57:08.790958689 +0100 
@@ -0,0 +1,26 @@ +From ac0707aa61d9c20e9b09062294701567c9f41595 Mon Sep 17 00:00:00 2001 +From: William Pitcock <neno...@dereferenced.org> +Date: Mon, 31 Dec 2012 13:13:05 -0600 +Subject: [PATCH] m_capab: fix a possible remote crash triggered by the CAPAB + parsing code. + +--- + modules/m_capab.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/m_capab.c b/modules/m_capab.c +index 54e9a53..b03fb3f 100644 +--- a/modules/m_capab.c ++++ b/modules/m_capab.c +@@ -38,7 +38,7 @@ + + struct Message capab_msgtab = { + "CAPAB", 0, 0, 0, MFLG_SLOW | MFLG_UNREG, +- {{mr_capab, 0}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore} ++ {{mr_capab, 2}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore} + }; + struct Message gcap_msgtab = { + "GCAP", 0, 0, 0, MFLG_SLOW, +-- +1.7.10 + diff -Nru charybdis-3.3.0/debian/patches/series charybdis-3.3.0-CVE-2012-6084/debian/patches/series --- charybdis-3.3.0/debian/patches/series 2011-11-30 00:17:54.000000000 +0100 +++ charybdis-3.3.0-CVE-2012-6084/debian/patches/series 2013-01-02 20:57:31.618369271 +0100 @@ -5,3 +5,4 @@ no-rpath cleanup-bandb-properly default_nicklen +CVE-2012-6084.patch
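
Review bot: urgency=low in the new 3.3.0-7.1 entry of debian/changelog sits oddly next to "Fix remote denial of service vulnerability"; consider a higher urgency for a security fix, or say in the entry why low is sufficient. The entry also does not name the file it adds, so mentioning debian/patches/CVE-2012-6084.patch would tie the changelog to the line appended in debian/patches/series.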
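
Review bot: The commit message carried in debian/patches/CVE-2012-6084.patch does not explain why `{mr_capab, 0}` becomes `{mr_capab, 2}` in capab_msgtab (modules/m_capab.c); "fix a possible remote crash" should be backed by a sentence saying that this field is the handler's minimum parameter count and which argument mr_capab reads without checking. Because the entry carries MFLG_UNREG, it is also worth stating that the command is accepted before registration, which is what makes the crash remotely reachable. The trailing context shows gcap_msgtab starting right after, with its handler entries cut off by the hunk, so please confirm they already require a non-zero minimum. A Bug-Debian reference to #697092 in the patch header would help whoever audits this file later.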