Change logs for irssi source package in Bionic

  • irssi (1.0.5-1ubuntu4.2) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Use after free
        - debian/patches/CVE-2018-7054.patch: try to make sure
          the server is still good enough to call ischannel when
          printing netsplit/join in src/fe-common/irc/fet-netjoin.c,
          src/fe-common/irc/fe-netsplit.c.
        - CVE-2018-7054
      * SECURITY UPDATE: Use after free
        - debian/patches/CVE-2019-13045.patch: copy sasl username
          and password values in src/irc/core/irc-core.c,
          src/irc/core/irc-servers-reconnect.c,
          src/irc/core/irc-servers-setup.c.
        - CVE-2019-13045
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 02 Jul 2019 10:32:41 -0300
  • irssi (1.0.5-1ubuntu4.1) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Use after free
        - debian/patches/CVE-2019-5882.patch: fix in
          src/fe-text/textbuffer-view.c.
        - CVE-2019-5882
    
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 16 Jan 2019 09:51:16 -0300
  • irssi (1.0.5-1ubuntu4) bionic; urgency=medium
    
      * SECURITY UPDATE: Null pointer dereference
        - debian/patches/CVE-2018-7050.patch: check if
          nick is Null in src/fe-common/core/chat-completion.c.
        - CVE-2018-7050
      * SECURITY UPDATE: Certain nick names result in out-of-bounds
        access
        - debian/patches/CVE-2018-7051.patch: don't read beyond end of
          escaped string in src/fe-common/core/themes.c.
        - CVE-2018-7051
      * SECURITY UPDATE: Null pointer dereference
        - debian/patches/CVE-2018-7052.patch: check if window parent
          is Null in src/fe-text/mainwindows.c.
        - CVE-2018-7052
      * SECURITY UPDATE: use-after-free
        - debian/patches/CVE-2018-7053.patch: avoiding
          reuse sasl timeout in src/irc/core/sasl.c.
        - CVE-2018-7073
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 06 Mar 2018 11:03:13 -0300
  • irssi (1.0.5-1ubuntu3) bionic; urgency=high
    
      * No change rebuild against openssl1.1.
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 16:50:07 +0000
  • irssi (1.0.5-1ubuntu2) bionic; urgency=medium
    
      * SECURITY UPDATE: buffer overread via incomplete escape codes
        - debian/patches/CVE-2018-5205.patch: check for complete char in
          src/core/misc.c.
        - CVE-2018-5205
      * SECURITY UPDATE: NULL dereference via setting channel topic without
        specifying a sender
        - debian/patches/CVE-2018-5206.patch: do not record topic change time
          when sender is blank in src/irc/core/channel-events.c.
        - CVE-2018-5206
      * SECURITY UPDATE: buffer overread via incomplete variable argument
        - debian/patches/CVE-2018-5207.patch: disable variable arguments code
          in src/core/special-vars.c.
        - CVE-2018-5207
      * SECURITY UPDATE: heap overflow in completion code
        - debian/patches/CVE-2018-5208.patch: check for direct match of
          separator in src/fe-common/core/completion.c.
        - CVE-2018-5208
    
     -- Marc Deslauriers <email address hidden>  Mon, 08 Jan 2018 14:30:45 -0500
  • irssi (1.0.5-1ubuntu1) devel; urgency=medium
    
      * Merge from Debian. Remaining changes:
        - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
          - When we have a proxy setting, we expect the CN to match
            the proxy hostname, not the server hostname.
        - d/p/90irc-ubuntu-com:
          + Add the Ubuntu network with irc.ubuntu.com as the server,
            which is currently a CNAME for chat.freenode.net.
        - d/p/03firsttimer_text:
          + Adapt 03firsttimer_text so it tells you about
            connecting to Ubuntu and joining #ubuntu.
      * Changes no longer needed:
        - d/p/CVE-2017-15xxx.patch: Applied upstream.
    
    irssi (1.0.5-1) unstable; urgency=high
    
      * New upstream bugfix release (closes: #879521):
        - Fix missing -sasl_method '' in /NETWORK.
        - Fix incorrect restoration of term state when hitting SUSP
          inside screen.
        - Fix out of bounds read when compressing colour
          sequences. Found by Hanno Böck. [CVE-2017-15228]
        - Fix use after free condition during a race condition when
          waiting on channel sync during a rejoin [CVE-2017-15227]
        - Fix null pointer dereference when parsing certain malformed
          CTCP DCC messages. [CVE-2017-15721]
        - Fix crash due to null pointer dereference when failing to
          split messages due to overlong nick or target. [CVE-2017-15723]
        - Fix out of bounds read when trying to skip a safe channel ID
          without verifying that the ID is long enough. [CVE-2017-15722]
        - Fix return of random memory when inet_ntop failed.
        - Minor statusbar help update.
      * Remove deprecated --with autotools_dev call to dh.
      * Bump Standards-Version to 4.1.1.
      * Change priority of irssi-dev from deprecated extra to optional.
      * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
        directly.
    
     -- Unit 193 <email address hidden>  Sat, 02 Dec 2017 17:18:54 -0500
  • irssi (1.0.4-1ubuntu4) bionic; urgency=medium
    
      * No-change rebuild against perlapi-5.26.1
    
     -- Steve Langasek <email address hidden>  Thu, 02 Nov 2017 05:36:03 +0000
  • irssi (1.0.4-1ubuntu3) bionic; urgency=medium
    
      * SECURITY UPDATE: multiple security issues
        - debian/patches/CVE-2017-15xxx.patch: address security issues in
          src/core/recode.c, src/fe-common/core/themes.c,
          src/irc/core/channel-events.c, src/irc/core/channels-query.c,
          src/irc/core/irc-servers.c, src/irc/dcc/dcc-chat.c,
          src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c.
        - CVE-2017-15227
        - CVE-2017-15228
        - CVE-2017-15721
        - CVE-2017-15722
        - CVE-2017-15723
    
     -- Marc Deslauriers <email address hidden>  Mon, 30 Oct 2017 09:38:11 -0400
  • irssi (1.0.4-1ubuntu2) artful; urgency=medium
    
      * No-change rebuild for perl 5.26.0.
    
     -- Matthias Klose <email address hidden>  Wed, 26 Jul 2017 20:03:17 +0000