package/irssi/irssi.hash · 427354a3b9f0fd26d5568eed988b49bb536fc6eb · netdsa / buildroot

irssi: security bump to version 1.0.6 · 427354a3

Peter Korsgaard authored Jan 07, 2018

>From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):

Multiple vulnerabilities have been located in Irssi.

(a) When the channel topic is set without specifying a sender, Irssi
    may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)

    CVE-2018-5206 was assigned to this issue.

(b) When using incomplete escape codes, Irssi may access data beyond
    the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5205 was assigned to this issue.

(c) A calculation error in the completion code could cause a heap
    buffer overflow when completing certain strings. (CWE-126) Found
    by Joseph Bisch.

    CVE-2018-5208 was assigned to this issue.

(d) When using an incomplete variable argument, Irssi may access data
    beyond the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018

-5207 was assigned to this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit aebdb1cd4b4034542eb7c50fc4b6a265c5ba5c77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

427354a3