Change logs for irssi source package in Bionic
-
irssi (1.0.5-1ubuntu4.2) bionic-security; urgency=medium * SECURITY UPDATE: User after free - debian/patches/CVE-2018-7054.patch: try to make sure the server is still good enough to call ischannel when printing netsplit/join in src/fe-common/irc/fet-netjoin.c, src/fe-common/irc/fe-netsplit.c. - CVE-2018-7054 * SECURITY UPDATE: User after free - debian/patches/CVE-2019-13045.patch: copy sasl username and password values in src/irc/core/irc-core.c, src/irc/core/irc-servers-reconnect.c, src/irc/core/irc-servers-setup.c. - CVE-2019-13045 -- <email address hidden> (Leonidas S. Barbosa) Tue, 02 Jul 2019 10:32:41 -0300
-
irssi (1.0.5-1ubuntu4.1) bionic-security; urgency=medium * SECURITY UPDATE: Use after free - debian/patches/CVE-2019-5882.patch: fix in src/fe-text/textbuffer-view.c. - CVE-2019-5882 -- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Jan 2019 09:51:16 -0300
-
irssi (1.0.5-1ubuntu4) bionic; urgency=medium * SECURITY UPDATE: Null pointer dereference - debian/patches/CVE-2018-7050.patch: check if nick is Null in src/fe-common/core/chat-completion.c. - CVE-2018-7050 * SECURITY UPDATE: Certain nick names result in out-of-bounds access - debian/patches/CVE-2018-7051.patch: don't read beyond end of escaped string in src/fe-common/core/themes.c. - CVE-2018-7051 * SECURITY UPDATE: Null pointer dereference - debian/patches/CVE-2018-7052.patch: check if window parent is Null in src/fe-text/mainwindows.c. - CVE-2018-7052 * SECURITY UPDATE: use-after-free - debian/patches/CVE-2018-7053.patch: avoiding reuse sasl timeout in src/irc/core/sasl.c. - CVE-2018-7073 -- <email address hidden> (Leonidas S. Barbosa) Tue, 06 Mar 2018 11:03:13 -0300
-
irssi (1.0.5-1ubuntu3) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 16:50:07 +0000
-
irssi (1.0.5-1ubuntu2) bionic; urgency=medium * SECURITY UPDATE: buffer overread via incomplete escape codes - debian/patches/CVE-2018-5205.patch: check for complete char in src/core/misc.c. - CVE-2018-5205 * SECURITY UPDATE: NULL dereference via setting channel topic without specifying a sender - debian/patches/CVE-2018-5206.patch: do not record topic change time when sender is blank in src/irc/core/channel-events.c. - CVE-2018-5206 * SECURITY UPDATE: buffer overread via incomplete variable argument - debian/patches/CVE-2018-5207.patch: disable variable arguments code in src/core/special-vars.c. - CVE-2018-5207 * SECURITY UPDATE: heap overflow in completion code - debian/patches/CVE-2018-5208.patch: check for direct match of separator in src/fe-common/core/completion.c. - CVE-2018-5208 -- Marc Deslauriers <email address hidden> Mon, 08 Jan 2018 14:30:45 -0500
-
irssi (1.0.5-1ubuntu1) devel; urgency=medium * Merge from Debian. Remaining changes: - Refresh and re-enabled 20fix_ssl_proxy_hostname_check. - When we have a proxy setting, we expect the CN to match the proxy hostname, not the server hostname. - d/p/90irc-ubuntu-com: + Add the Ubuntu network with irc.ubuntu.com as the server, which is currently a CNAME for chat.freenode.net. - d/p/03firsttimer_text: + Adapt 03firsttimer_text so it tells you about connecting to Ubuntu and joining #ubuntu. * Changes no longer needed: - d/p/CVE-2017-15xxx.patch: Applied upstream. irssi (1.0.5-1) unstable; urgency=high * New upstream bugfix release (closes: #879521): - Fix missing -sasl_method '' in /NETWORK. - Fix incorrect restoration of term state when hitting SUSP inside screen. - Fix out of bounds read when compressing colour sequences. Found by Hanno Böck. [CVE-2017-15228] - Fix use after free condition during a race condition when waiting on channel sync during a rejoin [CVE-2017-15227] - Fix null pointer dereference when parsing certain malformed CTCP DCC messages. [CVE-2017-15721] - Fix crash due to null pointer dereference when failing to split messages due to overlong nick or target. [CVE-2017-15723] - Fix out of bounds read when trying to skip a safe channel ID without verifying that the ID is long enough. [CVE-2017-15722] - Fix return of random memory when inet_ntop failed. - Minor statusbar help update. * Remove deprecated --with autotools_dev call to dh. * Bump Standards-Version to 4.1.1. * Change priority of irssi-dev from deprecated extra to optional. * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog directly. -- Unit 193 <email address hidden> Sat, 02 Dec 2017 17:18:54 -0500
-
irssi (1.0.4-1ubuntu4) bionic; urgency=medium * No-change rebuild against perlapi-5.26.1 -- Steve Langasek <email address hidden> Thu, 02 Nov 2017 05:36:03 +0000
-
irssi (1.0.4-1ubuntu3) bionic; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2017-15xxx.patch: address security issues in src/core/recode.c, src/fe-common/core/themes.c, src/irc/core/channel-events.c, src/irc/core/channels-query.c, src/irc/core/irc-servers.c, src/irc/dcc/dcc-chat.c, src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c. - CVE-2017-15227 - CVE-2017-15228 - CVE-2017-15721 - CVE-2017-15722 - CVE-2017-15723 -- Marc Deslauriers <email address hidden> Mon, 30 Oct 2017 09:38:11 -0400
-
irssi (1.0.4-1ubuntu2) artful; urgency=medium * No-change rebuild for perl 5.26.0. -- Matthias Klose <email address hidden> Wed, 26 Jul 2017 20:03:17 +0000