Change logs for irssi source package in Artful
-
irssi (1.0.4-1ubuntu2.3) artful-security; urgency=medium * SECURITY UPDATE: Null pointer dereference - debian/patches/CVE-2018-7050.patch: check if nick is Null in src/fe-common/core/chat-completion.c. - CVE-2018-7050 * SECURITY UPDATE: Certain nick names result in out-of-bounds access - debian/patches/CVE-2018-7051.patch: don't read beyond end of escaped string in src/fe-common/core/themes.c. - CVE-2018-7051 * SECURITY UPDATE: Null pointer dereference - debian/patches/CVE-2018-7052.patch: check if window parent is Null in src/fe-text/mainwindows.c. - CVE-2018-7052 * SECURITY UPDATE: use-after-free - debian/patches/CVE-2018-7053.patch: avoiding reuse sasl timeout in src/irc/core/sasl.c. - CVE-2018-7073 * SECURITY UPDATE: use-after-free - debian/patches/CVE-2018-7054.patch: fix in src/fe-common/irc/fe-netjoin.c, src/fe-common/irc/fe-netsplit.c. - CVE-2018-7054 -- <email address hidden> (Leonidas S. Barbosa) Wed, 28 Feb 2018 18:50:57 -0300
-
irssi (1.0.4-1ubuntu2.2) artful-security; urgency=medium * SECURITY UPDATE: buffer overread via incomplete escape codes - debian/patches/CVE-2018-5205.patch: check for complete char in src/core/misc.c. - CVE-2018-5205 * SECURITY UPDATE: NULL dereference via setting channel topic without specifying a sender - debian/patches/CVE-2018-5206.patch: do not record topic change time when sender is blank in src/irc/core/channel-events.c. - CVE-2018-5206 * SECURITY UPDATE: buffer overread via incomplete variable argument - debian/patches/CVE-2018-5207.patch: disable variable arguments code in src/core/special-vars.c. - CVE-2018-5207 * SECURITY UPDATE: heap overflow in completion code - debian/patches/CVE-2018-5208.patch: check for direct match of separator in src/fe-common/core/completion.c. - CVE-2018-5208 -- Marc Deslauriers <email address hidden> Mon, 08 Jan 2018 14:37:24 -0500
-
irssi (1.0.4-1ubuntu2.1) artful-security; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2017-15xxx.patch: address security issues in src/core/recode.c, src/fe-common/core/themes.c, src/irc/core/channel-events.c, src/irc/core/channels-query.c, src/irc/core/irc-servers.c, src/irc/dcc/dcc-chat.c, src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c. - CVE-2017-15227 - CVE-2017-15228 - CVE-2017-15721 - CVE-2017-15722 - CVE-2017-15723 -- Marc Deslauriers <email address hidden> Wed, 25 Oct 2017 07:48:35 -0400
-
irssi (1.0.4-1ubuntu2) artful; urgency=medium * No-change rebuild for perl 5.26.0. -- Matthias Klose <email address hidden> Wed, 26 Jul 2017 20:03:17 +0000
-
irssi (1.0.4-1ubuntu1) artful; urgency=medium * Merge from Debian. Remaining changes: - Refresh and re-enabled 20fix_ssl_proxy_hostname_check. - When we have a proxy setting, we expect the CN to match the proxy hostname, not the server hostname. - d/p/90irc-ubuntu-com: + Add the Ubuntu network with irc.ubuntu.com as the server, which is currently a CNAME for chat.freenode.net. - d/p/03firsttimer_text: + Adapt 03firsttimer_text so it tells you about connecting to Ubuntu and joining #ubuntu. irssi (1.0.4-1) unstable; urgency=high * New upstream bugfix release (closes: #867598): - Fix null pointer dereference when parsing invalid timestamp. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10965] - Fix use-after-free condition when removing nicks from the internal nicklist. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10966] - Fix incorrect string comparison in DCC file names. - Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'". - Fix a bug when using \n to separate lines with expand_escapes. - Retain screen output on improper exit, to better see any error messages. - Minor help update. -- Unit 193 <email address hidden> Wed, 12 Jul 2017 04:20:11 -0400
-
irssi (1.0.3-1ubuntu1) artful; urgency=medium * Merge from Debian. Remaining changes: - Refresh and re-enabled 20fix_ssl_proxy_hostname_check. - When we have a proxy setting, we expect the CN to match the proxy hostname, not the server hostname. - d/p/90irc-ubuntu-com: + Add the Ubuntu network with irc.ubuntu.com as the server, which is currently a CNAME for chat.freenode.net. - d/p/03firsttimer_text: + Adapt 03firsttimer_text so it tells you about connecting to Ubuntu and joining #ubuntu. irssi (1.0.3-1) unstable; urgency=high * New upstream pure bugfix release. -- Unit 193 <email address hidden> Thu, 08 Jun 2017 16:52:36 -0400
-
irssi (1.0.2-1ubuntu2) artful; urgency=medium * debian/patches/90-irc-ubuntu-com: update to use the right use_tls option, and add tls_verify. Thanks to Unit193 for noticing! -- Marc Deslauriers <email address hidden> Fri, 05 May 2017 07:32:23 -0400
-
irssi (1.0.2-1ubuntu1) artful; urgency=medium * Merge from Debian. Remaining changes: - Re-enabled 20fix_ssl_proxy_hostname_check. - When we have a proxy setting, we expect the CN to match the proxy hostname, not the server hostname. - d/p/90irc-ubuntu-com: + Add the Ubuntu network with irc.ubuntu.com as the server, which is currently a CNAME for chat.freenode.net. - d/p/03firsttimer_text: + Adapt 03debian_firsttimer_text so it tells you about connecting to Ubuntu and joining #ubuntu. irssi (1.0.2-1) unstable; urgency=high * New upstream pure bugfix release: - Prevent some null-pointer crashes. - Fix compilation with OpenSSL 1.1.0. - Correct dereferencing of already freed server objects during output of netjoins. Found by APic. (closes: #857502) - Fix in command arg parser to detect missing arguments in tail place. - Fix regression that broke incoming DCC file transfers. - Fix issue with escaping \ in evaluated strings. irssi (1.0.1-1) unstable; urgency=high * New upstream pure bugfix release: - Fix Perl compilation in object dir. - Disable EC cryptography on Solaris to fix build. - Fix incorrect HELP SERVER example. - Correct memory leak in /OP and /VOICE. - Fix regression that broke second level completion. - Correct missing NULL termination in perl_parse. - Sync broken mail.pl script. irssi (1.0.0-1) unstable; urgency=medium * New upstream release. * Add patch 25tls-ssl-compat-defines provided by upstream's dx for backward compatibility to not require modules using these functions to change code. * Update patch 22fix-perl-hardening. irssi (0.8.21-1) unstable; urgency=medium * New upstream security release (Closes: #850403): - CVE-2017-5193: NULL pointer dereference in the nickcmp function - CVE-2017-5194: Use-after-freee when receiving invalid nick message - CVE-2017-5195: Out-of-bounds read in certain incomplete control codes - CVE-2017-5196: Out-of-bounds read in certain incomplete character sequences * Remove patch 23fix-buf.pl which is included in upstream release. * Set PACKAGE_VERSION for configure as suggested by upstream. -- Marc Deslauriers <email address hidden> Thu, 04 May 2017 07:59:52 -0400
-
irssi (0.8.20-2ubuntu2) zesty; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2017-5xxx.patch: properly handle strings in src/fe-common/core/formats.c, handle utf8 errors in src/fe-text/term-terminfo.c, properly handle invalid nicks in src/irc/core/irc-nicklist.c, make sure nick is valid in src/irc/core/irc-queries.c. - CVE-2017-5193 - CVE-2017-5194 - CVE-2017-5195 - CVE-2017-5196 - CVE-2017-5356 -- Marc Deslauriers <email address hidden> Wed, 25 Jan 2017 12:52:09 -0500