[Buildroot] [PATCH] irssi: security bump to version 1.0.7
Peter Korsgaard
peter at korsgaard.com
Wed Apr 11 15:45:42 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> Use after free when server is disconnected during netsplits. Incomplete fix
> of CVE-2017-7191. Found by Joseph Bisch. (CWE-416, CWE-825) -
> CVE-2018-7054 [2] was assigned to this issue.
> Use after free when SASL messages are received in unexpected order. Found
> by Joseph Bisch. (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
> this issue.
> Null pointer dereference when an “empty” nick has been observed by Irssi.
> Found by Joseph Bisch. (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
> to this issue.
> When the number of windows exceed the available space, Irssi would crash due
> to Null pointer dereference. Found by Joseph Bisch. (CWE-690) -
> CVE-2018-7052 [5] was assigned to this issue.
> Certain nick names could result in out of bounds access when printing theme
> strings. Found by Oss-Fuzz. (CWE-126) - CVE-2018-7051 [6] was assigned to
> this issue.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list