projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bdca0d0) | patch
irssi: security bump to version 1.0.4
authorPeter Korsgaard <peter@korsgaard.com>
Sat, 8 Jul 2017 14:34:33 +0000 (16:34 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Sat, 8 Jul 2017 18:32:19 +0000 (20:32 +0200)
commit9bf78446888ed3b98d893e70ce4f5e4679fd2ebb
treef60eaf3d6f29cbce17edfa1a1290d0c65658e185tree
parentbdca0d05816fec8472b1d32301f55df152b86466commit | diff
irssi: security bump to version 1.0.4

>From the advisory:
https://irssi.org/security/irssi_sa_2017_07.txt

Two vulnerabilities have been located in Irssi.

(a) When receiving messages with invalid time stamps, Irssi would try
    to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
    of Geeknik Labs. (CWE-690)

    CVE-2017-10965 [2] was assigned to this bug

(b) While updating the internal nick list, Irssi may incorrectly use
    the GHashTable interface and free the nick while updating it. This
    will then result in use-after-free conditions on each access of
    the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
    Labs. (CWE-416 caused by CWE-227)

    CVE-2017-10966 [3] was assigned to this bug

Impact
------

(a) May result in denial of service (remote crash).

(b) Undefined behaviour.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/irssi/irssi.hash diff | blob | history
package/irssi/irssi.mk diff | blob | history