UbuntuUpdates.org

Package "irssi-dev"

Name: irssi-dev

Description: terminal based IRC client - development files

Latest version: 0.8.15-5ubuntu3.6
Release: trusty (14.04)
Level: updates
Repository: main
Head package: irssi
Homepage: http://irssi.org/

Other versions of "irssi-dev" in Trusty

Repository  Area  Version
base        main  0.8.15-5ubuntu3
security    main  0.8.15-5ubuntu3.6

Changelog

Version: 0.8.15-5ubuntu3.6 2019-01-17 15:06:33 UTC

  irssi (0.8.15-5ubuntu3.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2019-5882.patch: fix in
      src/fe-text/textbuffer-view.c.
    - CVE-2019-5882

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Jan 2019 09:01:10 -0300

CVE-2019-5882 Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.

Version: 0.8.15-5ubuntu3.5 2018-03-06 17:07:22 UTC

  irssi (0.8.15-5ubuntu3.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2018-7050.patch: check if
      nick is Null in src/fe-common/core/chat-completion.c.
    - CVE-2018-7050
  * SECURITY UPDATE: Certain nick names result in out-of-bounds
    access
    - debian/patches/CVE-2018-7051.patch: don't read beyond end of
      escaped string in src/fe-common/core/themes.c.
    - CVE-2018-7051
  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2018-7052.patch: check if window parent
      is Null in src/fe-text/mainwindows.c.
    - CVE-2018-7052

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 28 Feb 2018 16:35:58 -0300

CVE-2018-7050 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
CVE-2018-7051 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme str
CVE-2018-7052 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL p

Version: 0.8.15-5ubuntu3.4 2018-01-10 15:07:02 UTC

  irssi (0.8.15-5ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overread via incomplete escape codes
    - debian/patches/CVE-2018-5205.patch: check for complete char in
      src/core/misc.c.
    - CVE-2018-5205
  * SECURITY UPDATE: NULL dereference via setting channel topic without
    specifying a sender
    - debian/patches/CVE-2018-5206.patch: do not record topic change time
      when sender is blank in src/irc/core/channel-events.c.
    - CVE-2018-5206
  * SECURITY UPDATE: buffer overread via incomplete variable argument
    - debian/patches/CVE-2018-5207.patch: disable variable arguments code
      in src/core/special-vars.c.
    - CVE-2018-5207
  * SECURITY UPDATE: heap overflow in completion code
    - debian/patches/CVE-2018-5208.patch: check for direct match of
      separator in src/fe-common/core/completion.c.
    - CVE-2018-5208

 -- Marc Deslauriers <email address hidden> Mon, 08 Jan 2018 14:44:16 -0500

CVE-2018-5205 When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
CVE-2018-5206 When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
CVE-2018-5207 When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.
CVE-2018-5208 In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.

Version: 0.8.15-5ubuntu3.3 2017-10-26 21:06:38 UTC

  irssi (0.8.15-5ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2017-1096x.patch: check return value of localtime
      in src/core/misc.c, correct GHashTable usage in src/core/nicklist.c.
    - CVE-2017-10965
    - CVE-2017-10966
  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2017-15xxx.patch: address security issues in
      src/fe-common/core/themes.c, src/irc/core/channel-events.c,
      src/irc/core/channels-query.c, src/irc/dcc/dcc-chat.c,
      src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c.
    - CVE-2017-15227
    - CVE-2017-15228
    - CVE-2017-15721
    - CVE-2017-15722

 -- Marc Deslauriers <email address hidden> Wed, 25 Oct 2017 08:06:28 -0400

CVE-2017-10965 An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.
CVE-2017-10966 An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free t
CVE-2017-15227 Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting i
CVE-2017-15228 Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.
CVE-2017-15721 In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue
CVE-2017-15722 In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.

Version: 0.8.15-5ubuntu3.2 2017-06-12 14:06:43 UTC

  irssi (0.8.15-5ubuntu3.2) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via DCC message without source nick/host
    - debian/patches/CVE-2017-9468.patch: check addr in
      src/irc/dcc/dcc-get.c.
    - CVE-2017-9468
  * SECURITY UPDATE: DoS via incorrectly quoted DCC files
    - debian/patches/CVE-2017-9469.patch: Fix oob read of one byte in
      src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-resume.c.
    - CVE-2017-9469

 -- Marc Deslauriers <email address hidden> Thu, 08 Jun 2017 15:19:31 -0400

CVE-2017-9468 In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can
CVE-2017-9469 In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memo


