remote crasher in the IRC WHO changes

Paul Aurich paul at darkrain42.org
Mon Jul 11 14:41:57 EDT 2011


Ethan Blanton <elb at pidgin.im> wrote: 
>> xnyhps with Adium pointed out that I forgot to fixup the final
>> :argument.  A fixed patch is here:
>> 
>>     http://pidgin.im/~elb/private/irc_who_fix-2.diff
>
>Paul, any chance you've had a chance to verify this fix?
>
>Adium people, you caused this problem, have you had a chance to check
>that the fix works for Adium?
>
>I really want to 1) make sure this fix goes into 2.9.1, 2) have this
>vetted in time to send to packagers@ and get a CVE before 2.9.1, and
>3) get 2.9.1 out relatively soon.
>
>Ethan

I have not, unfortunately.  The user with the odd nick has not been in the room every time I've looked.

Do you have a suggestion of how I can create a bogus nick on such a server to test directly?  (Both Pidgin and irssi did not let me).


More information about the security mailing list