[Buildroot] [PATCH] irssi: security bump to version 1.0.7

Peter Korsgaard peter at korsgaard.com
Wed Apr 11 15:45:42 UTC 2018


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > Use after free when server is disconnected during netsplits.  Incomplete fix
 > of CVE-2017-7191.  Found by Joseph Bisch.  (CWE-416, CWE-825) -
 > CVE-2018-7054 [2] was assigned to this issue.

 > Use after free when SASL messages are received in unexpected order.  Found
 > by Joseph Bisch.  (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
 > this issue.

 > Null pointer dereference when an “empty” nick has been observed by Irssi.
 > Found by Joseph Bisch.  (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
 > to this issue.

 > When the number of windows exceed the available space, Irssi would crash due
 > to Null pointer dereference.  Found by Joseph Bisch.  (CWE-690) -
 > CVE-2018-7052 [5] was assigned to this issue.

 > Certain nick names could result in out of bounds access when printing theme
 > strings.  Found by Oss-Fuzz.  (CWE-126) - CVE-2018-7051 [6] was assigned to
 > this issue.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list