irssi: security bump to version 1.0.4

>From the advisory:
https://irssi.org/security/irssi_sa_2017_07.txt

Two vulnerabilities have been located in Irssi.

(a) When receiving messages with invalid time stamps, Irssi would try
    to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
    of Geeknik Labs. (CWE-690)

    CVE-2017-10965 [2] was assigned to this bug

(b) While updating the internal nick list, Irssi may incorrectly use
    the GHashTable interface and free the nick while updating it. This
    will then result in use-after-free conditions on each access of
    the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
    Labs. (CWE-416 caused by CWE-227)

    CVE-2017-10966 [3] was assigned to this bug

Impact
------

(a) May result in denial of service (remote crash).

(b) Undefined behaviour.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9bf78446888ed3b98d893e70ce4f5e4679fd2ebb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/irssi/irssi.hash b/package/irssi/irssi.hash
index abb421998cc3022fac7d7c753cba7c970c196310..7b019025d84e18560bd6badec550c0cfc5d15a9f 100644 (file)
--- a/package/irssi/irssi.hash
+++ b/package/irssi/irssi.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 838220297dcbe7c8c42d01005059779a82f5b7b7e7043db37ad13f5966aff581        irssi-1.0.3.tar.xz
+sha256 b85c07dbafe178213eccdc69f5f8f0ac024dea01c67244668f91ec1c06b986ca        irssi-1.0.4.tar.xz

diff --git a/package/irssi/irssi.mk b/package/irssi/irssi.mk
index 2b3bff4974c21212e0ebc41d25dd1f5205eb097d..4fef1125b1c895b35d459882cbd645b8f5fa6c0b 100644 (file)
--- a/package/irssi/irssi.mk
+++ b/package/irssi/irssi.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IRSSI_VERSION = 1.0.3
+IRSSI_VERSION = 1.0.4
 IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
 # Do not use the github helper here. The generated tarball is *NOT* the
 # same as the one uploaded by upstream for the release.