Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2021-29376 #25

Closed
coldtobi opened this issue Apr 25, 2021 · 3 comments
Closed

CVE-2021-29376 #25

coldtobi opened this issue Apr 25, 2021 · 3 comments

Comments

@coldtobi
Copy link

At least they claim that scrollz is affected in this link: https://www.openwall.com/lists/oss-security/2021/03/24/2

Debian Security Tracker: https://security-tracker.debian.org/tracker/CVE-2021-29376
Debian Bug: (has the diff from ircii that seems to target this issue:) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986215

Sorry for not providing a patch, but I'm likely would make it more broken… Code seems to have diverged quite a lot between ircii/scrollz.. However, can you give me a heads-up whether the scrollz project is still active?

Cheers,
tobi

@johnsonjh
Copy link
Contributor

@coldtobi AFAIK should be, at least for maintaining but if not please poke at me and I should be able to fix in the next day or so, but flier should still be active.

I'm TrN from the Changelog BTW :)

@johnsonjh
Copy link
Contributor

johnsonjh commented Apr 27, 2021

@justflier @coldtobi

It's been a long time since I looked at the sources, but at a glance, I'm confused as to some what some of the proposed patch is doing - for example, ScrollZ does not use the ircII string list functions (sl_*) and the PING is entirely different.

The other part of the ircII patch does looks reasonable, I just put in #26 however I didn't test it (or even compile it) yet.

@justflier
Copy link
Member

Fixed by pull request #26

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants