Commit 427354a3 authored by Peter Korsgaard's avatar Peter Korsgaard
Browse files

irssi: security bump to version 1.0.6

>From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):

Multiple vulnerabilities have been located in Irssi.

(a) When the channel topic is set without specifying a sender, Irssi
    may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)

    CVE-2018-5206 was assigned to this issue.

(b) When using incomplete escape codes, Irssi may access data beyond
    the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5205 was assigned to this issue.

(c) A calculation error in the completion code could cause a heap
    buffer overflow when completing certain strings. (CWE-126) Found
    by Joseph Bisch.

    CVE-2018-5208 was assigned to this issue.

(d) When using an incomplete variable argument, Irssi may access data
    beyond the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018

-5207 was assigned to this issue.
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
Signed-off-by: default avatarThomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit aebdb1cd4b4034542eb7c50fc4b6a265c5ba5c77)
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent 13ade014
# Locally calculated after checking pgp signature
sha256 c2556427e12eb06cabfed40839ac6f57eb8b1aa6365fab6dfcd331b7a04bb914 irssi-1.0.5.tar.xz
sha256 029e884f3ebf337f7266d8ed4e1a035ca56d9f85015d74c868b488f279de8585 irssi-1.0.6.tar.xz
# Locally calculated
sha256 a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b COPYING
......@@ -4,7 +4,7 @@
#
################################################################################
IRSSI_VERSION = 1.0.5
IRSSI_VERSION = 1.0.6
IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
# Do not use the github helper here. The generated tarball is *NOT* the
# same as the one uploaded by upstream for the release.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment