projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c0ad6de) | patch
irssi: security bump to version 1.0.3
authorPeter Korsgaard <peter@korsgaard.com>
Sun, 18 Jun 2017 21:35:02 +0000 (23:35 +0200)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Mon, 19 Jun 2017 20:06:10 +0000 (22:06 +0200)
commit2e19525f2f4904424caee7bc13be24163fd54216
tree7f6d025449ada70aee53fcc9ae9eb7eb90322c90tree
parentc0ad6ded018ffbc33f7f52a4bbcc6f08a14bfbd6commit | diff
irssi: security bump to version 1.0.3

Fixes:

CVE-2017-9468 - Joseph Bisch discovered that Irssi does not properly handle
DCC messages without source nick/host.  A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a  denial of
service.

CVE-2017-9469 - Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files.  A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a denial of
service.

See https://irssi.org/security/irssi_sa_2017_06.txt for more details.

Remove 0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch as it
applied upstream and drop autoreconf as configure.ac is no longer patched.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/irssi/0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch [deleted file] blob | history
package/irssi/irssi.hash diff | blob | history
package/irssi/irssi.mk diff | blob | history