projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d98b61c) | patch
irssi: security bump to version 1.0.7
authorPeter Korsgaard <peter@korsgaard.com>
Sun, 18 Mar 2018 14:40:08 +0000 (15:40 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Sun, 18 Mar 2018 22:29:12 +0000 (23:29 +0100)
commit181ef8a1d01ddfa2be0b59ea85eb8902b0ce12c0
tree8f47377d24c032a6cbacdbc210d0cf12f98876c9tree
parentd98b61c01247e989db3b41a4e28d025c8614863bcommit | diff
irssi: security bump to version 1.0.7

Fixes the following security issues:

Use after free when server is disconnected during netsplits.  Incomplete fix
of CVE-2017-7191.  Found by Joseph Bisch.  (CWE-416, CWE-825) -
CVE-2018-7054 [2] was assigned to this issue.

Use after free when SASL messages are received in unexpected order.  Found
by Joseph Bisch.  (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
this issue.

Null pointer dereference when an “empty” nick has been observed by Irssi.
Found by Joseph Bisch.  (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
to this issue.

When the number of windows exceed the available space, Irssi would crash due
to Null pointer dereference.  Found by Joseph Bisch.  (CWE-690) -
CVE-2018-7052 [5] was assigned to this issue.

Certain nick names could result in out of bounds access when printing theme
strings.  Found by Oss-Fuzz.  (CWE-126) - CVE-2018-7051 [6] was assigned to
this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/irssi/irssi.hash diff | blob | history
package/irssi/irssi.mk diff | blob | history