Date: Sat, 06 Jan 2018 19:01:41 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 224954] irc/irssi: Update to 1.0.6 (security fixes) Message-ID: <bug-224954-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224954 Bug ID: 224954 Summary: irc/irssi: Update to 1.0.6 (security fixes) Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: dor.bsd@xm0.uk Created attachment 189468 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D189468&action= =3Dedit Update irc/irssi port to 1.0.6 Updates irssi to 1.0.6 to correct CVEs CVE-2018-5206, CVE-2018-5205, CVE-2018-5208, CVE-2018-5207. (a) When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer. Found by Joseph Bisch. (CWE-476) CVE-2018-5206 was assigned to this issue. (b) When using incomplete escape codes, Irssi may access data beyond the end of the string. (CWE-126) Found by Joseph Bisch. CVE-2018-5205 was assigned to this issue. (c) A calculation error in the completion code could cause a heap buffer overflow when completing certain strings. (CWE-126) Found by Joseph Bisch. CVE-2018-5208 was assigned to this issue. (d) When using an incomplete variable argument, Irssi may access data beyond the end of the string. (CWE-126) Found by Joseph Bisch. CVE-2018-5207 was assigned to this issue. Upstream information about this is recorded at https://irssi.org/security/irssi_sa_2018_01.txt --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-224954-13>