rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

irssi: security bump to version 1.0.6

>From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):

Multiple vulnerabilities have been located in Irssi.

(a) When the channel topic is set without specifying a sender, Irssi
    may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)

    CVE-2018-5206 was assigned to this issue.

(b) When using incomplete escape codes, Irssi may access data beyond
    the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5205 was assigned to this issue.

(c) A calculation error in the completion code could cause a heap
    buffer overflow when completing certain strings. (CWE-126) Found
    by Joseph Bisch.

    CVE-2018-5208 was assigned to this issue.

(d) When using an incomplete variable argument, Irssi may access data
    beyond the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5207 was assigned to this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

author	Peter Korsgaard <peter@korsgaard.com>
	Sun, 7 Jan 2018 21:03:18 +0000 (22:03 +0100)
committer	Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
	Sun, 7 Jan 2018 22:47:43 +0000 (23:47 +0100)
commit	aebdb1cd4b4034542eb7c50fc4b6a265c5ba5c77
tree	adda25e4bb86e33cefe39963171470df99d00374	tree \| snapshot
parent	dc1be64377f1479aea46169010b71ab4d83ab1ee	commit \| diff

package/irssi/irssi.hash		diff \| blob \| history
package/irssi/irssi.mk		diff \| blob \| history