UbuntuUpdates.org

Package "irssi"

Name: irssi

Description:

terminal based IRC client

Latest version: 1.0.5-1ubuntu4.2
Release: bionic (18.04)
Level: security
Repository: main
Homepage: http://irssi.org/

Links


Download "irssi"


Other versions of "irssi" in Bionic

Repository Area Version
base main 1.0.5-1ubuntu4
updates main 1.0.5-1ubuntu4.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.0.5-1ubuntu4.2 2019-07-04 19:07:31 UTC

  irssi (1.0.5-1ubuntu4.2) bionic-security; urgency=medium

  * SECURITY UPDATE: User after free
    - debian/patches/CVE-2018-7054.patch: try to make sure
      the server is still good enough to call ischannel when
      printing netsplit/join in src/fe-common/irc/fet-netjoin.c,
      src/fe-common/irc/fe-netsplit.c.
    - CVE-2018-7054
  * SECURITY UPDATE: User after free
    - debian/patches/CVE-2019-13045.patch: copy sasl username
      and password values in src/irc/core/irc-core.c,
      src/irc/core/irc-servers-reconnect.c,
      src/irc/core/irc-servers-setup.c.
    - CVE-2019-13045

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 02 Jul 2019 10:32:41 -0300

Source diff to previous version
CVE-2018-7054 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE:
CVE-2019-13045 Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.

Version: 1.0.5-1ubuntu4.1 2019-01-17 15:06:39 UTC

  irssi (1.0.5-1ubuntu4.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2019-5882.patch: fix in
      src/fe-text/textbuffer-view.c.
    - CVE-2019-5882

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Jan 2019 09:51:16 -0300

CVE-2019-5882 Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.



About   -   Send Feedback to @ubuntu_updates