UbuntuUpdates.org

Package "irssi-dev"

Name: irssi-dev

Description:

terminal based IRC client - development files

Latest version: 0.8.19-1ubuntu1.9
Release: xenial (16.04)
Level: security
Repository: main
Head package: irssi
Homepage: http://irssi.org/

Links


Download "irssi-dev"


Other versions of "irssi-dev" in Xenial

Repository Area Version
base main 0.8.19-1ubuntu1
updates main 0.8.19-1ubuntu1.9

Changelog

Version: 0.8.19-1ubuntu1.4 2017-06-12 13:06:42 UTC

  irssi (0.8.19-1ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via DCC message without source nick/host
    - debian/patches/CVE-2017-9468.patch: check addr in
      src/irc/dcc/dcc-get.c.
    - CVE-2017-9468
  * SECURITY UPDATE: DoS via incorrectly quoted DCC files
    - debian/patches/CVE-2017-9469.patch: Fix oob read of one byte in
      src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-resume.c.
    - CVE-2017-9469

 -- Marc Deslauriers <email address hidden> Thu, 08 Jun 2017 15:17:59 -0400

Source diff to previous version
CVE-2017-9468 In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can
CVE-2017-9469 In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memo

Version: 0.8.19-1ubuntu1.3 2017-02-01 19:06:44 UTC

  irssi (0.8.19-1ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: local information disclosure via scrollbuffer dump
    - debian/patches/CVE-2016-7553.patch: set proper permissions in
      scripts/buf.pl.
    - CVE-2016-7553
  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2017-5xxx.patch: properly handle strings in
      src/fe-common/core/formats.c, handle utf8 errors in
      src/fe-text/term-terminfo.c, properly handle invalid nicks in
      src/irc/core/irc-nicklist.c, make sure nick is valid in
      src/irc/core/irc-queries.c.
    - CVE-2017-5193
    - CVE-2017-5194
    - CVE-2017-5195
    - CVE-2017-5196
    - CVE-2017-5356

 -- Marc Deslauriers <email address hidden> Wed, 25 Jan 2017 13:00:03 -0500

Source diff to previous version
CVE-2016-7553 Information disclosure vulnerability in buf.pl
CVE-2017-5193 NULL pointer dereference in the nickcmp function
CVE-2017-5194 Use after free when receiving invalid nick message
CVE-2017-5195 Out of bounds read in certain incomplete control codes
CVE-2017-5196 Out of bounds read in certain incomplete character sequences
CVE-2017-5356 Irssi out of bounds read in format string

Version: 0.8.19-1ubuntu1.2 2016-09-21 20:06:27 UTC

  irssi (0.8.19-1ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix color format decoding (LP: #1624068):
    - Add debian/patches/91fix-color-formatting:
      + fix unformat_24bit_color (CVE-2016-7044)
      + fix format_send_to_gui (CVE-2016-7045)

 -- Kees Cook <email address hidden> Thu, 15 Sep 2016 11:43:53 -0700




About   -   Send Feedback to @ubuntu_updates