Ubuntu
znc package

  1. Bug #1090195
  2. Comment #14

Comment 14 for bug 1090195

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package znc - 0.078-1ubuntu0.1

---------------
znc (0.078-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service caused by NULL pointer dereference
    (LP: #1090195)
    - debian/patches/cve-2010-2448.patch: modify znc.cpp to prevent NULL
      pointer dereference. Based on upstream patch.
    - CVE-2010-2448
    - CVE-2010-2488
  * SECURITY UPDATE: denial of service caused by PING command without
    arguments (LP: #1090195)
    - debian/patches/cve-2010-2812.patch: modify Client.cpp to correctly
      handle PING commands that have no arguments. Based on upstream patch.
    - CVE-2010-2812
  * SECURITY UPDATE: denial of service via unknown vectors related to
    "unsafe substr() calls" (LP: #1090195)
    - debian/patches/cve-2010-2934.patch: modify IRCSock.cpp,
      modules/adminlog.cpp, modules/away.cpp, and modules/email.cpp to
      remove unsafe substr() calls. Based on upstream patch.
    - CVE-2010-2934
 -- Thomas Ward <email address hidden> Tue, 18 Dec 2012 06:29:44 +0000