projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dc1be64) | patch
irssi: security bump to version 1.0.6
authorPeter Korsgaard <peter@korsgaard.com>
Sun, 7 Jan 2018 21:03:18 +0000 (22:03 +0100)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sun, 7 Jan 2018 22:47:43 +0000 (23:47 +0100)
commitaebdb1cd4b4034542eb7c50fc4b6a265c5ba5c77
treeadda25e4bb86e33cefe39963171470df99d00374tree
parentdc1be64377f1479aea46169010b71ab4d83ab1eecommit | diff
irssi: security bump to version 1.0.6

>From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):

Multiple vulnerabilities have been located in Irssi.

(a) When the channel topic is set without specifying a sender, Irssi
    may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)

    CVE-2018-5206 was assigned to this issue.

(b) When using incomplete escape codes, Irssi may access data beyond
    the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5205 was assigned to this issue.

(c) A calculation error in the completion code could cause a heap
    buffer overflow when completing certain strings. (CWE-126) Found
    by Joseph Bisch.

    CVE-2018-5208 was assigned to this issue.

(d) When using an incomplete variable argument, Irssi may access data
    beyond the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5207 was assigned to this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/irssi/irssi.hash diff | blob | history
package/irssi/irssi.mk diff | blob | history