Package "irssi-dev"
Name: |
irssi-dev
|
Description: |
terminal based IRC client - development files
|
Latest version: |
0.8.15-5ubuntu3.6 |
Release: |
trusty (14.04) |
Level: |
updates |
Repository: |
main |
Head package: |
irssi |
Homepage: |
http://irssi.org/ |
Links
Download "irssi-dev"
Other versions of "irssi-dev" in Trusty
Changelog
irssi (0.8.15-5ubuntu3.6) trusty-security; urgency=medium
* SECURITY UPDATE: Use after free
- debian/patches/CVE-2019-5882.patch: fix in
src/fe-text/textbuffer-view.c.
- CVE-2019-5882
-- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Jan 2019 09:01:10 -0300
|
Source diff to previous version |
CVE-2019-5882 |
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. |
|
irssi (0.8.15-5ubuntu3.5) trusty-security; urgency=medium
* SECURITY UPDATE: Null pointer dereference
- debian/patches/CVE-2018-7050.patch: check if
nick is Null in src/fe-common/core/chat-completion.c.
- CVE-2018-7050
* SECURITY UPDATE: Certain nick names result in out-of-bounds
access
- debian/patches/CVE-2018-7051.patch: don't read beyond end of
escaped string in src/fe-common/core/themes.c.
- CVE-2018-7051
* SECURITY UPDATE: Null pointer dereference
- debian/patches/CVE-2018-7052.patch: check if window parent
is Null in src/fe-text/mainwindows.c.
- CVE-2018-7052
-- <email address hidden> (Leonidas S. Barbosa) Wed, 28 Feb 2018 16:35:58 -0300
|
Source diff to previous version |
CVE-2018-7050 |
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick. |
CVE-2018-7051 |
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme str |
CVE-2018-7052 |
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL p |
|
irssi (0.8.15-5ubuntu3.4) trusty-security; urgency=medium
* SECURITY UPDATE: buffer overread via incomplete escape codes
- debian/patches/CVE-2018-5205.patch: check for complete char in
src/core/misc.c.
- CVE-2018-5205
* SECURITY UPDATE: NULL dereference via setting channel topic without
specifying a sender
- debian/patches/CVE-2018-5206.patch: do not record topic change time
when sender is blank in src/irc/core/channel-events.c.
- CVE-2018-5206
* SECURITY UPDATE: buffer overread via incomplete variable argument
- debian/patches/CVE-2018-5207.patch: disable variable arguments code
in src/core/special-vars.c.
- CVE-2018-5207
* SECURITY UPDATE: heap overflow in completion code
- debian/patches/CVE-2018-5208.patch: check for direct match of
separator in src/fe-common/core/completion.c.
- CVE-2018-5208
-- Marc Deslauriers <email address hidden> Mon, 08 Jan 2018 14:44:16 -0500
|
Source diff to previous version |
CVE-2018-5205 |
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. |
CVE-2018-5206 |
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. |
CVE-2018-5207 |
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. |
CVE-2018-5208 |
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. |
|
irssi (0.8.15-5ubuntu3.3) trusty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-2017-1096x.patch: check return value of localtime
in src/core/misc.c, correct GHashTable usage in src/core/nicklist.c.
- CVE-2017-10965
- CVE-2017-10966
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-2017-15xxx.patch: address security issues in
src/fe-common/core/themes.c, src/irc/core/channel-events.c,
src/irc/core/channels-query.c, src/irc/dcc/dcc-chat.c,
src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c.
- CVE-2017-15227
- CVE-2017-15228
- CVE-2017-15721
- CVE-2017-15722
-- Marc Deslauriers <email address hidden> Wed, 25 Oct 2017 08:06:28 -0400
|
Source diff to previous version |
CVE-2017-1096 |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod |
CVE-2017-10965 |
An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. |
CVE-2017-10966 |
An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free t |
CVE-2017-15227 |
Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting i |
CVE-2017-15228 |
Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. |
CVE-2017-15721 |
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue |
CVE-2017-15722 |
In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. |
|
irssi (0.8.15-5ubuntu3.2) trusty-security; urgency=medium
* SECURITY UPDATE: DoS via DCC message without source nick/host
- debian/patches/CVE-2017-9468.patch: check addr in
src/irc/dcc/dcc-get.c.
- CVE-2017-9468
* SECURITY UPDATE: DoS via incorrectly quoted DCC files
- debian/patches/CVE-2017-9469.patch: Fix oob read of one byte in
src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-resume.c.
- CVE-2017-9469
-- Marc Deslauriers <email address hidden> Thu, 08 Jun 2017 15:19:31 -0400
|
CVE-2017-9468 |
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can |
CVE-2017-9469 |
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memo |
|
About
-
Send Feedback to @ubuntu_updates