Date: Fri, 07 Jul 2017 18:00:46 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 220544] irc/irssi: Update to 1.0.4 (security fixes)
Message-ID: <bug-220544-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220544

Bug ID: 220544
Summary: irc/irssi: Update to 1.0.4 (security fixes)
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://irssi.org/security/irssi_sa_2017_07.txt
OS: Any
Status: New
Keywords: patch, security
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs@FreeBSD.org
Reporter: vlad-fbsd@acheronmedia.com
CC: dor.bsd@xm0.uk, ports-secteam@FreeBSD.org
Attachment #184158 maintainer-approval?(dor.bsd@xm0.uk)
Flags:
Flags: maintainer-feedback?(dor.bsd@xm0.uk), merge-quarterly?
CC: dor.bsd@xm0.uk

Created attachment 184158
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=184158&action=edit
Update irssi to 1.0.4

Two security vulnerabilities have been found in irssi, fixed in v1.0.4 (update
patch attached):

* CVE-2017-10965
  When receiving messages with invalid time stamps, Irssi would try to
  dereference a NULL pointer. Found by Brian 'geeknik' Carpenter of
  Geeknik Labs. (CWE-690)

* CVE-2017-10966
  While updating the internal nick list, Irssi may incorrectly use the
  GHashTable interface and free the nick while updating it. This will
  then result in use-after-free conditions on each access of the hash
  table. Found by Brian 'geeknik' Carpenter of Geeknik Labs. (CWE-416
  caused by CWE-227)

* SA: https://irssi.org/security/irssi_sa_2017_07.txt

-- 
You are receiving this mail because:
You are the assignee for the bug.
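
The CWE-690 pattern named for CVE-2017-10965 above, as an added example that is not part of the original message and is not Irssi's code: a time conversion whose NULL return goes unchecked, beside a checked form. It assumes the time stamp arrives as a decimal epoch string and is converted with `gmtime()`; the function names and sample values are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <time.h>

/* Unchecked form (CWE-690): gmtime() returns NULL when the value cannot be
 * represented in struct tm, and strftime() then dereferences that NULL. */
size_t format_stamp_unchecked(const char *field, char *out, size_t outlen)
{
    time_t t = (time_t)strtoll(field, NULL, 10);
    struct tm *tm = gmtime(&t);                  /* may be NULL */
    return strftime(out, outlen, "%Y-%m-%d %H:%M:%S", tm);
}

/* Checked form: returns 0 on success, -1 on an invalid time stamp. */
int format_stamp_checked(const char *field, char *out, size_t outlen)
{
    char *end;
    long long v;
    time_t t;
    struct tm *tm;

    if (field == NULL || out == NULL || outlen == 0)
        return -1;
    errno = 0;
    v = strtoll(field, &end, 10);
    if (errno != 0 || end == field || *end != '\0')
        return -1;                               /* not a clean integer */
    t = (time_t)v;
    if ((long long)t != v)
        return -1;                               /* does not fit in time_t */
    tm = gmtime(&t);
    if (tm == NULL)
        return -1;                               /* year out of range */
    if (strftime(out, outlen, "%Y-%m-%d %H:%M:%S", tm) == 0)
        return -1;                               /* output buffer too small */
    return 0;
}

int main(void)
{
    /* Constructed sample fields, not taken from the advisory. */
    const char *samples[] = { "1499450446", "9223372036854775807", "abc" };
    char buf[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = format_stamp_checked(samples[i], buf, sizeof buf);
        printf("%-20s -> %s\n", samples[i], rc == 0 ? buf : "rejected");
    }
    return 0;
}
```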