CVE-2012-1836: Buffer overflow

Bug #982509 reported by Julian Taylor
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
inspircd (Debian)
Fix Released
Unknown
inspircd (Ubuntu)
Fix Released
Undecided
Unassigned
Lucid
Fix Released
High
Steve Beattie
Natty
Fix Released
High
Steve Beattie
Oneiric
Fix Released
High
Steve Beattie
Precise
Fix Released
Undecided
Unassigned

Bug Description

Imported from Debian bug http://bugs.debian.org/667914:

Package: inspircd
Severity: grave
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1836
for details and a link to the upstream fix.

Cheers,
        Moritz

Related branches

CVE References

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package inspircd - 1.1.22+dfsg-4ubuntu2

---------------
inspircd (1.1.22+dfsg-4ubuntu2) precise; urgency=low

  * SECURITY UPDATE: remote code execution (LP: #982509)
   - debian/patches/06_CVE-2012-1836.dpatch:
     Fix buffer overflow in dns.cpp, thanks to Jonathan Wiltshire
   - CVE-2012-1836
 -- Julian Taylor <email address hidden> Sun, 15 Apr 2012 20:33:41 +0200

Changed in inspircd (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Julian Taylor (jtaylor) wrote :

natty can be synced from squeeze, lucid not, it fails to build

Changed in inspircd (Debian):
importance: Undecided → Unknown
status: New → Fix Released
Revision history for this message
Steve Beattie (sbeattie) wrote :

Julian, I'm not sure why your attempt to sync from squeeze failed to build, it built in local testing here. Anyway, the oneiric debdiff looks good, thanks. I'll push it out along with fakesyncs for natty and lucid later today.

Changed in inspircd (Ubuntu Lucid):
assignee: nobody → Steve Beattie (sbeattie)
Changed in inspircd (Ubuntu Natty):
assignee: nobody → Steve Beattie (sbeattie)
Changed in inspircd (Ubuntu Oneiric):
assignee: nobody → Steve Beattie (sbeattie)
Changed in inspircd (Ubuntu Lucid):
status: New → In Progress
Changed in inspircd (Ubuntu Natty):
status: New → In Progress
Changed in inspircd (Ubuntu Oneiric):
status: New → In Progress
Changed in inspircd (Ubuntu Lucid):
importance: Undecided → High
Changed in inspircd (Ubuntu Natty):
importance: Undecided → High
Changed in inspircd (Ubuntu Oneiric):
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package inspircd - 1.1.22+dfsg-4ubuntu1.1

---------------
inspircd (1.1.22+dfsg-4ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: remote code execution (LP: #982509)
   - debian/patches/06_CVE-2012-1836.dpatch:
     Fix buffer overflow in dns.cpp, thanks to Jonathan Wiltshire
   - CVE-2012-1836
 -- Julian Taylor <email address hidden> Sun, 15 Apr 2012 20:33:41 +0200

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package inspircd - 1.1.22+dfsg-4squeeze1build0.11.04.1

---------------
inspircd (1.1.22+dfsg-4squeeze1build0.11.04.1) natty-security; urgency=low

  * fake sync from Debian (LP: #982509)

inspircd (1.1.22+dfsg-4+squeeze1) stable-security; urgency=low

  * Non-maintainer upload.
  * Protect against a buffer overflow in src/dns.cpp
    Closes: #667914 CVE-2012-1836
 -- Steve Beattie <email address hidden> Mon, 16 Apr 2012 10:51:24 -0700

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package inspircd - 1.1.22+dfsg-4squeeze1build0.10.04.1

---------------
inspircd (1.1.22+dfsg-4squeeze1build0.10.04.1) lucid-security; urgency=low

  * fake sync from Debian (LP: #982509)

inspircd (1.1.22+dfsg-4+squeeze1) stable-security; urgency=low

  * Non-maintainer upload.
  * Protect against a buffer overflow in src/dns.cpp
    Closes: #667914 CVE-2012-1836
 -- Steve Beattie <email address hidden> Mon, 16 Apr 2012 11:53:27 -0700

Changed in inspircd (Ubuntu Lucid):
status: In Progress → Fix Released
Changed in inspircd (Ubuntu Natty):
status: In Progress → Fix Released
Changed in inspircd (Ubuntu Oneiric):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.