Change logs for irssi source package in Artful

  • irssi (1.0.4-1ubuntu2.3) artful-security; urgency=medium
    
      * SECURITY UPDATE: Null pointer dereference
        - debian/patches/CVE-2018-7050.patch: check if
          nick is NULL in src/fe-common/core/chat-completion.c.
        - CVE-2018-7050
      * SECURITY UPDATE: Certain nick names result in out-of-bounds
        access
        - debian/patches/CVE-2018-7051.patch: don't read beyond end of
          escaped string in src/fe-common/core/themes.c.
        - CVE-2018-7051
      * SECURITY UPDATE: Null pointer dereference
        - debian/patches/CVE-2018-7052.patch: check if window parent
          is NULL in src/fe-text/mainwindows.c.
        - CVE-2018-7052
      * SECURITY UPDATE: use-after-free
        - debian/patches/CVE-2018-7053.patch: avoid
          reuse of sasl timeout in src/irc/core/sasl.c.
        - CVE-2018-7073
      * SECURITY UPDATE: use-after-free
        - debian/patches/CVE-2018-7054.patch: fix in
          src/fe-common/irc/fe-netjoin.c, src/fe-common/irc/fe-netsplit.c.
        - CVE-2018-7054
    
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 28 Feb 2018 18:50:57 -0300
  • irssi (1.0.4-1ubuntu2.2) artful-security; urgency=medium
    
      * SECURITY UPDATE: buffer overread via incomplete escape codes
        - debian/patches/CVE-2018-5205.patch: check for complete char in
          src/core/misc.c.
        - CVE-2018-5205
      * SECURITY UPDATE: NULL dereference via setting channel topic without
        specifying a sender
        - debian/patches/CVE-2018-5206.patch: do not record topic change time
          when sender is blank in src/irc/core/channel-events.c.
        - CVE-2018-5206
      * SECURITY UPDATE: buffer overread via incomplete variable argument
        - debian/patches/CVE-2018-5207.patch: disable variable arguments code
          in src/core/special-vars.c.
        - CVE-2018-5207
      * SECURITY UPDATE: heap overflow in completion code
        - debian/patches/CVE-2018-5208.patch: check for direct match of
          separator in src/fe-common/core/completion.c.
        - CVE-2018-5208
    
     -- Marc Deslauriers <email address hidden>  Mon, 08 Jan 2018 14:37:24 -0500
  • irssi (1.0.4-1ubuntu2.1) artful-security; urgency=medium
    
      * SECURITY UPDATE: multiple security issues
        - debian/patches/CVE-2017-15xxx.patch: address security issues in
          src/core/recode.c, src/fe-common/core/themes.c,
          src/irc/core/channel-events.c, src/irc/core/channels-query.c,
          src/irc/core/irc-servers.c, src/irc/dcc/dcc-chat.c,
          src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c.
        - CVE-2017-15227
        - CVE-2017-15228
        - CVE-2017-15721
        - CVE-2017-15722
        - CVE-2017-15723
    
     -- Marc Deslauriers <email address hidden>  Wed, 25 Oct 2017 07:48:35 -0400
  • irssi (1.0.4-1ubuntu2) artful; urgency=medium
    
      * No-change rebuild for perl 5.26.0.
    
     -- Matthias Klose <email address hidden>  Wed, 26 Jul 2017 20:03:17 +0000
  • irssi (1.0.4-1ubuntu1) artful; urgency=medium
    
      * Merge from Debian. Remaining changes:
        - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
          - When we have a proxy setting, we expect the CN to match
            the proxy hostname, not the server hostname.
        - d/p/90irc-ubuntu-com:
          + Add the Ubuntu network with irc.ubuntu.com as the server,
            which is currently a CNAME for chat.freenode.net.
        - d/p/03firsttimer_text:
          + Adapt 03firsttimer_text so it tells you about
            connecting to Ubuntu and joining #ubuntu.
    
    irssi (1.0.4-1) unstable; urgency=high
    
      * New upstream bugfix release (closes: #867598):
        - Fix null pointer dereference when parsing invalid timestamp.
          Reported by Brian 'geeknik' Carpenter. [CVE-2017-10965]
        - Fix use-after-free condition when removing nicks from the internal
          nicklist. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10966]
        - Fix incorrect string comparison in DCC file names.
        - Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'".
        - Fix a bug when using \n to separate lines with expand_escapes.
        - Retain screen output on improper exit, to better see any error
          messages.
        - Minor help update.
    
     -- Unit 193 <email address hidden>  Wed, 12 Jul 2017 04:20:11 -0400
  • irssi (1.0.3-1ubuntu1) artful; urgency=medium
    
      * Merge from Debian. Remaining changes:
        - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
          - When we have a proxy setting, we expect the CN to match
            the proxy hostname, not the server hostname.
        - d/p/90irc-ubuntu-com:
          + Add the Ubuntu network with irc.ubuntu.com as the server,
            which is currently a CNAME for chat.freenode.net.
        - d/p/03firsttimer_text:
          + Adapt 03firsttimer_text so it tells you about
            connecting to Ubuntu and joining #ubuntu.
    
    irssi (1.0.3-1) unstable; urgency=high
    
      * New upstream pure bugfix release.
    
     -- Unit 193 <email address hidden>  Thu, 08 Jun 2017 16:52:36 -0400
  • irssi (1.0.2-1ubuntu2) artful; urgency=medium
    
      * debian/patches/90-irc-ubuntu-com: update to use the right use_tls
        option, and add tls_verify. Thanks to Unit193 for noticing!
    
     -- Marc Deslauriers <email address hidden>  Fri, 05 May 2017 07:32:23 -0400
  • irssi (1.0.2-1ubuntu1) artful; urgency=medium
    
      * Merge from Debian. Remaining changes:
        - Re-enabled 20fix_ssl_proxy_hostname_check.
          - When we have a proxy setting, we expect the CN to match
            the proxy hostname, not the server hostname.
        - d/p/90irc-ubuntu-com:
          + Add the Ubuntu network with irc.ubuntu.com as the server,
            which is currently a CNAME for chat.freenode.net.
        - d/p/03firsttimer_text:
          + Adapt 03debian_firsttimer_text so it tells you about
            connecting to Ubuntu and joining #ubuntu.
    
    irssi (1.0.2-1) unstable; urgency=high
    
      * New upstream pure bugfix release:
        - Prevent some null-pointer crashes.
        - Fix compilation with OpenSSL 1.1.0.
        - Correct dereferencing of already freed server objects during
          output of netjoins. Found by APic. (closes: #857502)
        - Fix in command arg parser to detect missing arguments in tail place.
        - Fix regression that broke incoming DCC file transfers.
        - Fix issue with escaping \ in evaluated strings.
    
    irssi (1.0.1-1) unstable; urgency=high
    
      * New upstream pure bugfix release:
        - Fix Perl compilation in object dir.
        - Disable EC cryptography on Solaris to fix build.
        - Fix incorrect HELP SERVER example.
        - Correct memory leak in /OP and /VOICE.
        - Fix regression that broke second level completion.
        - Correct missing NULL termination in perl_parse.
        - Sync broken mail.pl script.
    
    irssi (1.0.0-1) unstable; urgency=medium
    
      * New upstream release.
      * Add patch 25tls-ssl-compat-defines provided by upstream's dx for backward
        compatibility to not require modules using these functions to change code.
      * Update patch 22fix-perl-hardening.
    
    irssi (0.8.21-1) unstable; urgency=medium
    
      * New upstream security release (Closes: #850403):
        - CVE-2017-5193: NULL pointer dereference in the nickcmp function
        - CVE-2017-5194: Use-after-free when receiving invalid nick message
        - CVE-2017-5195: Out-of-bounds read in certain incomplete control codes
        - CVE-2017-5196: Out-of-bounds read in certain incomplete character
          sequences
      * Remove patch 23fix-buf.pl which is included in upstream release.
      * Set PACKAGE_VERSION for configure as suggested by upstream.
    
     -- Marc Deslauriers <email address hidden>  Thu, 04 May 2017 07:59:52 -0400
  • irssi (0.8.20-2ubuntu2) zesty; urgency=medium
    
      * SECURITY UPDATE: multiple security issues
        - debian/patches/CVE-2017-5xxx.patch: properly handle strings in
          src/fe-common/core/formats.c, handle utf8 errors in
          src/fe-text/term-terminfo.c, properly handle invalid nicks in
          src/irc/core/irc-nicklist.c, make sure nick is valid in
          src/irc/core/irc-queries.c.
        - CVE-2017-5193
        - CVE-2017-5194
        - CVE-2017-5195
        - CVE-2017-5196
        - CVE-2017-5356
    
     -- Marc Deslauriers <email address hidden>  Wed, 25 Jan 2017 12:52:09 -0500