* [Buildroot] [PATCH] irssi: security bump to version 1.0.7
@ 2018-03-18 14:40 Peter Korsgaard
2018-03-18 22:29 ` Peter Korsgaard
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Peter Korsgaard @ 2018-03-18 14:40 UTC (permalink / raw)
To: buildroot
Fixes the following security issues:
Use after free when server is disconnected during netsplits. Incomplete fix
of CVE-2017-7191. Found by Joseph Bisch. (CWE-416, CWE-825) -
CVE-2018-7054 [2] was assigned to this issue.
Use after free when SASL messages are received in unexpected order. Found
by Joseph Bisch. (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
this issue.
Null pointer dereference when an "empty" nick has been observed by Irssi.
Found by Joseph Bisch. (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
to this issue.
When the number of windows exceeds the available space, Irssi would crash due
to Null pointer dereference. Found by Joseph Bisch. (CWE-690) -
CVE-2018-7052 [5] was assigned to this issue.
Certain nick names could result in out of bounds access when printing theme
strings. Found by Oss-Fuzz. (CWE-126) - CVE-2018-7051 [6] was assigned to
this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
| 2 +-
| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--git a/package/irssi/irssi.hash b/package/irssi/irssi.hash
index 83dde00352..0f298137ba 100644
--- a/package/irssi/irssi.hash
+++ b/package/irssi/irssi.hash
@@ -1,4 +1,4 @@
# Locally calculated after checking pgp signature
-sha256 029e884f3ebf337f7266d8ed4e1a035ca56d9f85015d74c868b488f279de8585 irssi-1.0.6.tar.xz
+sha256 1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac irssi-1.0.7.tar.xz
# Locally calculated
sha256 a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b COPYING
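Review bot: The comment "# Locally calculated after checking pgp signature" above the new irssi-1.0.7.tar.xz hash does not say which signature file or signing key was checked, so the verification cannot be repeated from this file alone. Consider extending the comment with the signature file name and the fingerprint of the key used, so the next bump can follow the same steps.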
--git a/package/irssi/irssi.mk b/package/irssi/irssi.mk
index d49b5d7e46..611365f88e 100644
--- a/package/irssi/irssi.mk
+++ b/package/irssi/irssi.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IRSSI_VERSION = 1.0.6
+IRSSI_VERSION = 1.0.7
IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
# Do not use the github helper here. The generated tarball is *NOT* the
# same as the one uploaded by upstream for the release.
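Review bot: The context comment under IRSSI_SOURCE says the github-generated tarball is not the same as the one uploaded by upstream, so the new sha256 in irssi.hash is only valid for the upstream release upload of irssi-1.0.7.tar.xz. It is worth stating in the commit message that the hash was computed on that upstream tarball, since IRSSI_VERSION = 1.0.7 is the only line changed here and nothing else in the hunk ties the version to its download source.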
--
2.11.0
* [Buildroot] [PATCH] irssi: security bump to version 1.0.7
From: Peter Korsgaard @ 2018-03-18 22:29 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> Use after free when server is disconnected during netsplits. Incomplete fix
> of CVE-2017-7191. Found by Joseph Bisch. (CWE-416, CWE-825) -
> CVE-2018-7054 [2] was assigned to this issue.
> Use after free when SASL messages are received in unexpected order. Found
> by Joseph Bisch. (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
> this issue.
> Null pointer dereference when an "empty" nick has been observed by Irssi.
> Found by Joseph Bisch. (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
> to this issue.
> When the number of windows exceeds the available space, Irssi would crash due
> to Null pointer dereference. Found by Joseph Bisch. (CWE-690) -
> CVE-2018-7052 [5] was assigned to this issue.
> Certain nick names could result in out of bounds access when printing theme
> strings. Found by Oss-Fuzz. (CWE-126) - CVE-2018-7051 [6] was assigned to
> this issue.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH] irssi: security bump to version 1.0.7
From: Peter Korsgaard @ 2018-04-06 16:55 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> Use after free when server is disconnected during netsplits. Incomplete fix
> of CVE-2017-7191. Found by Joseph Bisch. (CWE-416, CWE-825) -
> CVE-2018-7054 [2] was assigned to this issue.
> Use after free when SASL messages are received in unexpected order. Found
> by Joseph Bisch. (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
> this issue.
> Null pointer dereference when an "empty" nick has been observed by Irssi.
> Found by Joseph Bisch. (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
> to this issue.
> When the number of windows exceeds the available space, Irssi would crash due
> to Null pointer dereference. Found by Joseph Bisch. (CWE-690) -
> CVE-2018-7052 [5] was assigned to this issue.
> Certain nick names could result in out of bounds access when printing theme
> strings. Found by Oss-Fuzz. (CWE-126) - CVE-2018-7051 [6] was assigned to
> this issue.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH] irssi: security bump to version 1.0.7
From: Peter Korsgaard @ 2018-04-11 15:45 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> Use after free when server is disconnected during netsplits. Incomplete fix
> of CVE-2017-7191. Found by Joseph Bisch. (CWE-416, CWE-825) -
> CVE-2018-7054 [2] was assigned to this issue.
> Use after free when SASL messages are received in unexpected order. Found
> by Joseph Bisch. (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
> this issue.
> Null pointer dereference when an "empty" nick has been observed by Irssi.
> Found by Joseph Bisch. (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
> to this issue.
> When the number of windows exceeds the available space, Irssi would crash due
> to Null pointer dereference. Found by Joseph Bisch. (CWE-690) -
> CVE-2018-7052 [5] was assigned to this issue.
> Certain nick names could result in out of bounds access when printing theme
> strings. Found by Oss-Fuzz. (CWE-126) - CVE-2018-7051 [6] was assigned to
> this issue.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard