Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • B buildroot
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 0
    • Issues 0
    • List
    • Boards
    • Service Desk
    • Milestones
  • Redmine
    • Redmine
  • Merge requests 0
    • Merge requests 0
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • netdsa
  • buildroot
  • Repository
Switch branch/tag
  • buildroot
  • package
  • irssi
  • irssi.hash
Find file BlameHistoryPermalink
  • Peter Korsgaard's avatar
    irssi: security bump to version 1.0.6 · 427354a3
    Peter Korsgaard authored Jan 07, 2018
    >From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):
    
    Multiple vulnerabilities have been located in Irssi.
    
    (a) When the channel topic is set without specifying a sender, Irssi
        may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)
    
        CVE-2018-5206 was assigned to this issue.
    
    (b) When using incomplete escape codes, Irssi may access data beyond
        the end of the string. (CWE-126) Found by Joseph Bisch.
    
        CVE-2018-5205 was assigned to this issue.
    
    (c) A calculation error in the completion code could cause a heap
        buffer overflow when completing certain strings. (CWE-126) Found
        by Joseph Bisch.
    
        CVE-2018-5208 was assigned to this issue.
    
    (d) When using an incomplete variable argument, Irssi may access data
        beyond the end of the string. (CWE-126) Found by Joseph Bisch.
    
        CVE-2018
    
    -5207 was assigned to this issue.
    Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
    Signed-off-by: default avatarThomas Petazzoni <thomas.petazzoni@free-electrons.com>
    (cherry picked from commit aebdb1cd4b4034542eb7c50fc4b6a265c5ba5c77)
    Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
    427354a3