On Fri, Aug 24, 2007 at 09:29:47AM +0200, Thijs Kinkhorst wrote:
> Package: ircd-ircu
> Severity: serious
> Tags: security
>
> Hi!
>
> Several security issues have been reported against ircu:
> CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the ...)
> CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick ...)
> CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote ...)
> CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which ...)
> CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...)
> CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...)
> CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a ...)
> CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of ...)
>
> See:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4404 (etc)
>
> Can you please:
> - assert whether the versions Debian ships (unstable, stable, oldstable) are vulnerable?
> - If so, fix the issue in unstable and coordinate with the security team if updates to stable and oldstable are necessary?
>
>
> thanks,
> Thijs

I will get back with a security report this evening.

m.
--
"Toto, I've got a feeling we're not in Kansas anymore."