Bug#462651: please fix or respond
On Fri, Feb 15, 2008 at 02:34:23PM +0100, Helmut Grohne wrote: Hi Martin, this is a maintainer ping mail. Please respond in any way. If you don't respond within a week, I'll ask d-mentors to sponsor my proposed patch as nmu. Helmut Hello Helmut, thank you for your patch; I will upload a fixed package tomorrow. Sorry for the long delay; i've been on work and was not able to access my gpg key nor did I find time to answer. m. -- Toto, I've got a feeling we're not in Kansas anymore.
Bug#439314: Info received (Bug#439314: Several security issues in ircu [CVE-2007-4404..11])
On Tue, Sep 18, 2007 at 03:00:58PM +0200, Nico Golde wrote: Hi, * Martin Loschwitz [EMAIL PROTECTED] [2007-09-17 13:53]: On Mon, Sep 17, 2007 at 01:32:04PM +0200, Nico Golde wrote: i got the fixed package for unstable ready and am building it right now, i will upload it within this day. Let me guess, you are just joking around? no. i worked until three o'clock in the night and then thought it might not be a good idea to upload packages when being half asleep. So what's with the package now? Can you finally upload or not? Cheers Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. i can. -- Toto, I've got a feeling we're not in Kansas anymore. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#439314: Info received (Bug#439314: Several security issues in ircu [CVE-2007-4404..11])
On Mon, Sep 17, 2007 at 01:32:04PM +0200, Nico Golde wrote: Hi, * Martin Loschwitz [EMAIL PROTECTED] [2007-09-16 14:11]: On Fri, Sep 14, 2007 at 09:48:02AM +, Debian Bug Tracking System wrote: Thank you for the additional information you have supplied regarding this problem report. It has been forwarded to the package maintainer(s) and to other interested parties to accompany the original report. If you wish to continue to submit further information on this problem, please send it to [EMAIL PROTECTED], as before. Please do not reply to the address at the top of this message, unless you wish to report a problem with the Bug-tracking system. Debian bug tracking system administrator (administrator, Debian Bugs database) i got the fixed package for unstable ready and am building it right now, i will upload it within this day. Let me guess, you are just joking around? Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. no. i worked until three o'clock in the night and then thought it might not be a good idea to upload packages when being half asleep. m. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#439314: Info received (Bug#439314: Several security issues in ircu [CVE-2007-4404..11])
On Fri, Sep 14, 2007 at 09:48:02AM +, Debian Bug Tracking System wrote: Thank you for the additional information you have supplied regarding this problem report. It has been forwarded to the package maintainer(s) and to other interested parties to accompany the original report. If you wish to continue to submit further information on this problem, please send it to [EMAIL PROTECTED], as before. Please do not reply to the address at the top of this message, unless you wish to report a problem with the Bug-tracking system. Debian bug tracking system administrator (administrator, Debian Bugs database) i got the fixed package for unstable ready and am building it right now, i will upload it within this day. m. -- Toto, I've got a feeling we're not in Kansas anymore. pgpB2zNskdBha.pgp Description: PGP signature
Bug#439314: Several security issues in ircu [CVE-2007-4404..11]
On Wed, Sep 12, 2007 at 04:58:04PM +0200, Nico Golde wrote: Hi, i will upload the new package next weekend. Nothing happened, any news? Cheers Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. yes: I am still working on providing a somewhat smooth upgrade path to the new version as the new version uses a completely new layout for its configuration file. i will get back with some more news about this this evening. m. -- Toto, I've got a feeling we're not in Kansas anymore. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#439314: Several security issues in ircu [CVE-2007-4404..11]
On Wed, Sep 05, 2007 at 09:29:37PM +0200, Nico Golde wrote: Hi, are you going to package the new upstream version? I looked at the source code trying to get patches for the three CVEs but it turns out it's everything else then trivial, the patch between the affected and non-affected version is 15000 lines long, alot of stuff changed and no useful changelog entries. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. i will upload the new package next weekend. -- Toto, I've got a feeling we're not in Kansas anymore. pgp1U9dtzmUFM.pgp Description: PGP signature
Bug#439314: Several security issues in ircu [CVE-2007-4404..11]
On Sun, Aug 26, 2007 at 04:19:14PM +0200, Nico Golde wrote: Hi, I will get back with a security report this evening. Any news? :) Cheers Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. Yes. The versions in stable, testing and unstable are actually affected by all reported problems; i have updated packages for unstable cooking at the moment. stable will need DSAs. m. -- Toto, I've got a feeling we're not in Kansas anymore. pgpH2ZhBfHivJ.pgp Description: PGP signature
Bug#439314: Several security issues in ircu [CVE-2007-4404..11]
On Sun, Aug 26, 2007 at 04:19:14PM +0200, Nico Golde wrote: Hi, I will get back with a security report this evening. Any news? :) Cheers Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. gosh, wait a second. out of these reports, quite some only affect the versions starting from 2.10.12.01. our version at the moment still is 2.10.11.something ... so based on that information, i would actually claim that only CVE-2007-4411 and CVE-2007-4410 as well as CVE-2007-4408 affect the package in the stable release and thus need an update to happen. sorry for my previous mail; i was mixing some things up. m. -- Toto, I've got a feeling we're not in Kansas anymore. pgpt5adkS8qWe.pgp Description: PGP signature
Bug#439314: Several security issues in ircu [CVE-2007-4404..11]
On Fri, Aug 24, 2007 at 09:29:47AM +0200, Thijs Kinkhorst wrote: Package: ircd-ircu Severity: serious Tags: security Hi! Several security issues have been reported against ircu: CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the ...) CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick ...) CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote ...) CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which ...) CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...) CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...) CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a ...) CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of ...) See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4404 (etc) Can you please: - assert whether the versions Debian ships (unstable, stable, oldstable) are vulnerable? - If so, fix the issue in unstable and coordinate with the security team if updates to stable and oldstable are necessary? thanks, Thijs I will get back with a security report this evening. m. -- Toto, I've got a feeling we're not in Kansas anymore. pgpEcNmtAJYf0.pgp Description: PGP signature