DEBIAN-CVE-2010-3438
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server...
Command injection
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server...
Fedora 13 : perl-POE-Component-IRC-6.14-2.fc13.1 (2010-8911)
Plugs a security hole by simplifying privmsg handler: Removed the undocumented behavior of concatenating multiple arguments. It only accepts one argument now, and newlines/CR in a message and everything following them will be stripped as with other commands. Note that Tenable Network Security has...
Fedora 12 : perl-POE-Component-IRC-6.14-1.fc12.1 (2010-8904)
Plugs a security hole by simplifying privmsg handler: Removed the undocumented behavior of concatenating multiple arguments. It only accepts one argument now, and newlines/CR in a message and everything following them will be stripped as with other commands. Note that Tenable Network Security has...