Ubuntu irssi 0.8.12-4ubuntu2

Matt Zimmerman mdz at ubuntu.com
Sun Oct 12 12:19:16 BST 2008


On Wed, Oct 08, 2008 at 04:15:27PM +0200, Gerfried Fuchs wrote:
>         Hi!
> 
>  Thanks for the (indirect because of my Debian PTS derivates
> subscription - direct would had been much more appreciated) notification
> about this router bug:

I haven't seen a response on ubuntu-devel yet, so I'm CCing the person who
actually uploaded this change (does this information not make it to the
PTS?) for comment.

I'm also copying the security team, as there's no CVE reference here and I
can't tell whether there's a more general issue which needs to be addressed.

> * Ubuntu Merge-o-Matic <mom at ubuntu.com> [2008-10-07 19:43:37 CEST]:
> > Launchpad-Bugs-Fixed: 263259
> > Changes: 
> >  irssi (0.8.12-4ubuntu2) intrepid; urgency=low
> >  .
> >    * debian/patches/90irc-ubuntu-com.dpatch: Changed irc.ubuntu.com's
> >      default port to 8001 to avoid DCC exploit (LP: #263259).
> 
> <https://help.ubuntu.com/community/FixDCCExploit>
> 
>  Though, it makes me wonder about several things:
> 
>  -) Is this a freenode only specific issue? If not, why does the page
> only list freenode? I can understand that it's the most important for
> Ubuntu because irc.ubntu.com points there, but would changing the
> default port for OFTC to 7000 (as documented on their page as
> alternative) work here, too? I tried to update the page with respect
> to that, but I'm not too sure what port(range) the buggy routers are
> checking.
> 
>  -) Isn't switching it per default for all users propably causing more
> troubles for firewall admins and similar than it solves? How common are
> these buggy routers?
> 
>  -) Why would changing the client be a fix when it's related to the port
> one connects to? It's not really clear here wether Colloquy is affected
> in itself even without a buggy router, but I guess that's what is meant
> here?
> 
>  Given any deeper insight and answers might help me trying to figure out
> how sever it really is and wether this change should be applied to
> Debian in a timely manner, too (and wether I/we should dig further for
> alternative ports of other networks listed in the IRC clients).
> 
>  Thanks,
> Rhonda
> P.S.: I'm not subscribed to the list but will try to follow the archive.
>    Thus it would be kind if you could Cc me on replies.
> 
> -- 
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

-- 
 - mdz



More information about the ubuntu-devel mailing list