Date:      Tue, 06 Jun 2017 22:30:58 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 219827] irc/irssi: Update to 1.0.3 (security fixes)
Message-ID:  <bug-219827-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219827

            Bug ID: 219827
           Summary: irc/irssi: Update to 1.0.3 (security fixes)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://irssi.org/security/irssi_sa_2017_06.txt
                OS: Any
            Status: New
          Keywords: patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: vlad-fbsd@acheronmedia.com
                CC: dor.bsd@xm0.uk, ports-secteam@FreeBSD.org
  Attachment #183274 Flags: maintainer-approval?
             Flags: maintainer-feedback?(dor.bsd@xm0.uk), merge-quarterly?

Created attachment 183274
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=183274&action=edit
Update irssi to 1.0.3

Two vulnerabilities have been located in Irssi.

(a) When receiving a DCC message without source nick/host, Irssi would
    attempt to dereference a NULL pointer. Found by Joseph
    Bisch. (CWE-690)

(b) When receiving certain incorrectly quoted DCC files, Irssi would
    try to find the terminating quote one byte before the allocated
    memory. Found by Joseph Bisch. (CWE-129, CWE-127)

* Patch:
  https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55

* SA:
  https://irssi.org/security/irssi_sa_2017_06.txt

1.0.3 also includes changes:

v1.0.3 2017-06-06  The Irssi team <staff@irssi.org>
        - Fix out of bounds read when scanning expandos (GL!11).
        - Fix invalid memory access with quoted filenames in DCC
          (GL#8, GL!12).
        - Fix null-pointer dereference on DCC without address (GL#9, GL!13).
        - Improve integer overflow handling. Originally reported by
          oss-fuzz#525 (#706).
        - Improve nicklist performance from O(N^2) to O(N) (#705).
        - Fix initial screen redraw delay. By Stephen Oberholtzer
          (#680, bdo#856201).
        - Fix incorrect reset of true colours when resetting background (#711).
        - Fix missing -notls option in /SERVER. By Jari Matilainen (#117,
          #702).
        - Fix minor history glitch on overcounter (#462, #685).
        - Improved OpenSSL detection at compile time. By Rodrigo Rebello
          (#677).
        - Improved NetBSD Terminfo detection. By Maya Rashish (#694, #698).
        - Add missing syntax info for COMPLETION (#687, #688).
        - Minor typo correction in help. By Michael Hansen (#707).

Attached patch builds fine with Poudriere on 11.0, amd64. Run tested with my
usual usage pattern.

-- 
You are receiving this mail because:
You are the assignee for the bug.
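The two bug classes the advisory names, a DCC message with no source nick/host being dereferenced and a search for the closing quote that lands one byte before the allocation, as an added C illustration. This is not irssi's code and not part of the bug report or the attached patch; struct dcc_msg, naive_quote_probe, dcc_filename and dcc_accept are hypothetical names, and the sample DCC arguments are constructed. The naive probe reports the offset the buggy pattern would read rather than reading it; the hardened functions scan forward so the search cannot run before the buffer, and refuse a message without a source before touching it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the two bug classes in the advisory.
 * This is not irssi's code; struct dcc_msg, naive_quote_probe,
 * dcc_filename and dcc_accept are hypothetical names. */

struct dcc_msg {
    const char *nick;   /* NULL when the message arrived without a source */
    const char *host;   /* NULL likewise */
    const char *arg;    /* DCC SEND arguments, e.g. "\"my file.txt\" 1234 5" */
};

/* (b), the bug: copy everything after the opening quote, then inspect the
 * last byte of the copy to see whether it is the closing quote.  For the
 * one-byte argument "\"" the copy is empty, len - 1 is -1, and copy[-1]
 * lies one byte before the allocation.  This version reports the offset
 * it would inspect instead of dereferencing it. */
long naive_quote_probe(const char *arg)
{
    size_t len = strlen(arg + 1);       /* skip the opening quote */
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return -2;
    memcpy(copy, arg + 1, len + 1);
    long probe = (long)len - 1;         /* -1 when len == 0 */
    /* the bug would be: if (copy[probe] == '"') copy[probe] = '\0'; */
    free(copy);
    return probe;
}

/* (b), hardened: extract a possibly quoted filename from arg into out.
 * Scans forward from the opening quote, so the search can never run
 * before the buffer; rejects an unterminated quote, an empty name and a
 * name that does not fit.  Returns a pointer just past the filename on
 * success, NULL on malformed input. */
const char *dcc_filename(const char *arg, char *out, size_t outsz)
{
    const char *start, *end, *next;
    if (*arg == '"') {
        start = arg + 1;
        end = strchr(start, '"');
        if (end == NULL)
            return NULL;                /* no terminating quote */
        next = end + 1;
    } else {
        start = arg;
        end = start + strcspn(start, " ");
        next = end;
    }
    size_t n = (size_t)(end - start);
    if (n == 0 || n >= outsz)
        return NULL;
    memcpy(out, start, n);
    out[n] = '\0';
    return next;
}

/* (a), hardened: a handler that reaches for msg->nick unconditionally
 * crashes on a DCC with no source; refuse such a message up front.
 * Returns 1 if the offer is accepted (filename copied to fname), else 0. */
int dcc_accept(const struct dcc_msg *msg, char *fname, size_t fnsz)
{
    if (msg->nick == NULL || msg->host == NULL)
        return 0;
    if (dcc_filename(msg->arg, fname, fnsz) == NULL)
        return 0;
    return 1;
}

int main(void)
{
    char name[64];
    struct dcc_msg offer = { "alice", "host.example", "\"my file.txt\" 3232235777 1234 5" };
    struct dcc_msg nosrc = { NULL, NULL, "\"my file.txt\" 3232235777 1234 5" };

    printf("naive probe on lone quote: offset %ld\n", naive_quote_probe("\""));
    printf("accept with source: %d (%s)\n", dcc_accept(&offer, name, sizeof name), name);
    printf("accept without source: %d\n", dcc_accept(&nosrc, name, sizeof name));
    printf("lone quote as filename: %s\n",
           dcc_filename("\"", name, sizeof name) ? "accepted" : "rejected");
    return 0;
}
```

The forward scan is the whole fix for (b): once the search starts at the opening quote and moves toward the terminator, no length arithmetic can produce a negative index, and the unterminated case falls out as a NULL from strchr instead of a read past either end. For (a) the check belongs at the entry point of the handler, before any field of the message is used, which is also where a fuzzer-found NULL is cheapest to reproduce with a one-line test.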

