CVE-2020-8955: backport 2.7.1 CVEs to 20.04 weechat-2.6
Bug #1872425 reported by
TJ
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
weechat (Ubuntu) |
Fix Released
|
Medium
|
TJ |
Bug Description
Ensure latest CVEs fixed in 2.7.1 are included in 20.04
CVE References
information type: | Public → Public Security |
Changed in weechat (Ubuntu): | |
importance: | Undecided → Medium |
To post a comment you must log in.
On recommendation of Sébastien Helleu a.k.a. FlashCode on IRC Freenode #weechat we should backport recent CVEs for 20.04 LTS:
$ gitlog v2.7..v2.7.1
5c0aa1aae 2020-02-20 20:45:08 +0100 N Sébastien Helleu Version 2.7.1
c827d6fa8 2020-02-14 08:14:31 +0100 N Sébastien Helleu irc: fix crash when receiving a malformed message 352 (who)
694b5c9f8 2020-02-14 08:11:02 +0100 N Sébastien Helleu irc: fix crash when a new message 005 is received with longer nick prefixes
51a739df6 2020-02-14 08:08:23 +0100 N Sébastien Helleu irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955)
410a12b2a 2020-02-14 08:05:19 +0100 N Sébastien Helleu Version 2.7.1-dev
I've added them on top of my earlier patch for LP #1866065 ("weechat python.so not linked against libpython3").