Bug 143242 - [maintainer-update|patch] irc/ircd-ratbox: Security fix release
Summary: [maintainer-update|patch] irc/ircd-ratbox: Security fix release
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Martin Wilke
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-01-26 03:30 UTC by moggie
Modified: 2010-01-28 21:30 UTC (History)
0 users

See Also:

Attachments
ircd-ratbox-2.2.9.diff (2.19 KB, patch)
2010-01-26 03:30 UTC, moggie 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description moggie 2010-01-26 03:30:08 UTC 
Two vulnerabilities have been discovered in the 2.2.x branch of ratbox:

o The first affects the '/quote HELP' module and allows a user to trigger an IRCD crash on some platforms.
o The second affects the '/links' processing module when the flatten_links configuration option is not enabled.

Both of these issues have been corrected in the most recent ircd-ratbox-2.2.9 release for the 2.2.x branch. As a temporary work-around, the m_help.so and m_links.so modules can be unloaded until the IRCD itself is upgraded.

Note that the 2.2.x branch of ircd-ratbox is expected to be deprecated within the not too distant future. Admins wishing to keep up-to-date with developments may wish to consider moving to ratbox-3 (irc/ircd-ratbox-devel).
Comment 1 Martin Wilke freebsd_committer freebsd_triage 2010-01-26 07:47:56 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 2 moggie 2010-01-28 17:06:01 UTC 
Please note that the 'flatten_links' work-around is only completely 
effective if the 'flatten_links' configuration option is set on all IRCD 
servers. Thanks.
Comment 3 dfilter service freebsd_committer freebsd_triage 2010-01-28 21:15:34 UTC 
miwi        2010-01-28 21:15:20 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  - Document irc-ratbox -- multiple vulnerabilities
  
  PR:             based on 143242
  Submitted by:   moggie <moggie@elasticmind.net>
  
  Revision  Changes    Path
  1.2103    +37 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 dfilter service freebsd_committer freebsd_triage 2010-01-28 21:29:29 UTC 
miwi        2010-01-28 21:29:16 UTC

  FreeBSD ports repository

  Modified files:
    irc/ircd-ratbox      Makefile distinfo 
  Log:
  - Update to 2.2.9
  
  PR:             143242
  Submitted by:   moggie <moggie@elasticmind.net> (maintainer)
  With hat:       secteam
  Feature safe:   http://www.vuxml.org/freebsd/192609c8-0c51-11df-82a0-00248c9b4be7.html
  
  Revision  Changes    Path
  1.17      +7 -6      ports/irc/ircd-ratbox/Makefile
  1.9       +3 -3      ports/irc/ircd-ratbox/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 5 Martin Wilke freebsd_committer freebsd_triage 2010-01-28 21:29:30 UTC 
State Changed
From-To: open->closed

Committed. Thanks!