[MIR] inspircd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
inspircd (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
After careful review of https:/
Package: inspircd
Availability:
Present in a useful form as of wily.
Rationale:
We currently have no IRC daemon in main. This package represents the
best available IRC daemon for largescale deployment.
Security:
The only recent CVE is one that was found in 2.0.5 (trusty's version),
which was addressed in 2.0.6, and incorrectly patched in Debian. 2.0.17
and later appear to be well (and actively) maintained.
QA:
I am not recommending that this be installed by default. The package
documentation makes configuring it relatively straight forward.
Issue tracking:
https:/
https:/
https:/
Dependencies: all in main other than tre, which appears to be very
stable, and could likely be pulled into main as well.
Standards: meets standards
Maintenance: Debian IRC Team <email address hidden>
Background information:
Historically, we have used UnrealIRCd, which has a relatively poor
security track record. After evaluation of alternatives, we determined
that inspircd was the best candidate for our irc needs, with anope
providing services.
Security history:
http://
CVE-2008-1925: Timely fix.
CVE-2012-1836: Timely fix, though the backport of the fix to debian's
with a subsequent upload of the upstream package.
http://
6 records found, mostly from 2012 and earlier, one from 2015-04-17
http://
no entries
Security relevant binaries:
No setuid/setgid binaries
Delivers binaries in /usr/sbin, and starts services.
An apparmor profile has been written, and a bug requesting inclusion
submitted.
No privileged ports are used.
Changed in inspircd (Ubuntu): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in inspircd (Ubuntu): | |
assignee: | Jamie Strandboge (jdstrand) → Ubuntu Security Team (ubuntu-security) |
But why do we need it in main? You're not asking for it to be seeded.