Ubuntu
ircd-hybrid package

DSA-1980-1 fix not in lucid, or karmic

Bug #518226 reported by Matt Arnold
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ircd-hybrid (Ubuntu)
Fix Released
Medium
Unassigned
Jaunty
Fix Released
Medium
Unassigned
Karmic
Fix Released
Medium
Unassigned
Lucid
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: ircd-hybrid

The fix for DSA-1980-1 which references CVE-2009-4016 and CVE-2010-0300. is not in lucid or karmic. It should be an upstream Debian bug has been outstanding since 27 Jan (#567192), and we already have our own patches applied so these changes should be merged into our version as soon as possible

Matt Arnold (mattarnold5)
visibility: private → public
Matt Arnold (mattarnold5)
summary: - DSA-1980-1 fix not in lucid, or larmic
+ DSA-1980-1 fix not in lucid, or karmic
Revision history for this message
Matt Arnold (mattarnold5) wrote :

Here is a patch merging the change from lenny

Kees Cook (kees)
Changed in ircd-hybrid (Ubuntu Lucid):
status: New → Confirmed
Changed in ircd-hybrid (Ubuntu Karmic):
status: New → Confirmed
importance: Undecided → Medium
Changed in ircd-hybrid (Ubuntu Lucid):
importance: Undecided → Medium
Changed in ircd-hybrid (Ubuntu Karmic):
status: Confirmed → New
Revision history for this message
Kees Cook (kees) wrote :

ACK, thanks for the debdiff. I rolled an update for karmic as well (adjusted the version in the changelog). It is building now and should publish shortly.

Changed in ircd-hybrid (Ubuntu Karmic):
status: New → Fix Committed
Changed in ircd-hybrid (Ubuntu Lucid):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ircd-hybrid - 1:7.2.2.dfsg.2-6ubuntu3

---------------
ircd-hybrid (1:7.2.2.dfsg.2-6ubuntu3) lucid; urgency=low

  * SECURITY UPDATE: integer underflow causes local DoS (LP: #518226)
    - debian/patches/03_cve-20094016.patch based on upstream patch
    - CVE 2009-4016
 -- Matt Arnold <email address hidden> Sat, 06 Feb 2010 23:41:07 -0500

Changed in ircd-hybrid (Ubuntu Lucid):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand)
Changed in ircd-hybrid (Ubuntu Jaunty):
status: New → Fix Committed
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ircd-hybrid - 1:7.2.2.dfsg.2-6ubuntu2.0.9.10.1

---------------
ircd-hybrid (1:7.2.2.dfsg.2-6ubuntu2.0.9.10.1) karmic-security; urgency=low

  * SECURITY UPDATE: integer underflow causes local DoS (LP: #518226)
    - debian/patches/03_cve-20094016.patch based on upstream patch
    - CVE 2009-4016
 -- Matt Arnold <email address hidden> Sat, 06 Feb 2010 23:41:07 -0500

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ircd-hybrid - 1:7.2.2.dfsg.2-6ubuntu1.1

---------------
ircd-hybrid (1:7.2.2.dfsg.2-6ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: integer underflow causes local DoS (LP: #518226)
    - debian/patches/03_cve-20094016.patch: patch thanks to Matt Arnold
    - CVE 2009-4016
 -- Jamie Strandboge <email address hidden> Mon, 08 Feb 2010 16:04:39 -0600

Changed in ircd-hybrid (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Changed in ircd-hybrid (Ubuntu Karmic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.