Change logs for irssi source package in Bionic

  • irssi (1.0.5-1ubuntu4.2) bionic-security; urgency=medium
      * SECURITY UPDATE: User after free
        - debian/patches/CVE-2018-7054.patch: try to make sure
          the server is still good enough to call ischannel when
          printing netsplit/join in src/fe-common/irc/fet-netjoin.c,
        - CVE-2018-7054
      * SECURITY UPDATE: User after free
        - debian/patches/CVE-2019-13045.patch: copy sasl username
          and password values in  src/irc/core/irc-core.c,
        - CVE-2019-13045
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 02 Jul 2019 10:32:41 -0300
  • irssi (1.0.5-1ubuntu4.1) bionic-security; urgency=medium
      * SECURITY UPDATE: Use after free
        - debian/patches/CVE-2019-5882.patch: fix in
        - CVE-2019-5882
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 16 Jan 2019 09:51:16 -0300
  • irssi (1.0.5-1ubuntu4) bionic; urgency=medium
      * SECURITY UPDATE: Null pointer dereference
        - debian/patches/CVE-2018-7050.patch: check if
          nick is Null in src/fe-common/core/chat-completion.c.
        - CVE-2018-7050
      * SECURITY UPDATE: Certain nick names result in out-of-bounds
        - debian/patches/CVE-2018-7051.patch: don't read beyond end of
          escaped string in src/fe-common/core/themes.c.
        - CVE-2018-7051
      * SECURITY UPDATE: Null pointer dereference
        - debian/patches/CVE-2018-7052.patch: check if window parent
          is Null in src/fe-text/mainwindows.c.
        - CVE-2018-7052
      * SECURITY UPDATE: use-after-free
        - debian/patches/CVE-2018-7053.patch: avoiding
          reuse sasl timeout in src/irc/core/sasl.c.
        - CVE-2018-7073
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 06 Mar 2018 11:03:13 -0300
  • irssi (1.0.5-1ubuntu3) bionic; urgency=high
      * No change rebuild against openssl1.1.
     -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 16:50:07 +0000
  • irssi (1.0.5-1ubuntu2) bionic; urgency=medium
      * SECURITY UPDATE: buffer overread via incomplete escape codes
        - debian/patches/CVE-2018-5205.patch: check for complete char in
        - CVE-2018-5205
      * SECURITY UPDATE: NULL dereference via setting channel topic without
        specifying a sender
        - debian/patches/CVE-2018-5206.patch: do not record topic change time
          when sender is blank in src/irc/core/channel-events.c.
        - CVE-2018-5206
      * SECURITY UPDATE: buffer overread via incomplete variable argument
        - debian/patches/CVE-2018-5207.patch: disable variable arguments code
          in src/core/special-vars.c.
        - CVE-2018-5207
      * SECURITY UPDATE: heap overflow in completion code
        - debian/patches/CVE-2018-5208.patch: check for direct match of
          separator in src/fe-common/core/completion.c.
        - CVE-2018-5208
     -- Marc Deslauriers <email address hidden>  Mon, 08 Jan 2018 14:30:45 -0500
  • irssi (1.0.5-1ubuntu1) devel; urgency=medium
      * Merge from Debian. Remaining changes:
        - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
          - When we have a proxy setting, we expect the CN to match
            the proxy hostname, not the server hostname.
        - d/p/90irc-ubuntu-com:
          + Add the Ubuntu network with as the server,
            which is currently a CNAME for
        - d/p/03firsttimer_text:
          + Adapt 03firsttimer_text so it tells you about
            connecting to Ubuntu and joining #ubuntu.
      * Changes no longer needed:
        - d/p/CVE-2017-15xxx.patch: Applied upstream.
    irssi (1.0.5-1) unstable; urgency=high
      * New upstream bugfix release (closes: #879521):
        - Fix missing -sasl_method '' in /NETWORK.
        - Fix incorrect restoration of term state when hitting SUSP
          inside screen.
        - Fix out of bounds read when compressing colour
          sequences. Found by Hanno Böck. [CVE-2017-15228]
        - Fix use after free condition during a race condition when
          waiting on channel sync during a rejoin [CVE-2017-15227]
        - Fix null pointer dereference when parsing certain malformed
          CTCP DCC messages. [CVE-2017-15721]
        - Fix crash due to null pointer dereference when failing to
          split messages due to overlong nick or target. [CVE-2017-15723]
        - Fix out of bounds read when trying to skip a safe channel ID
          without verifying that the ID is long enough. [CVE-2017-15722]
        - Fix return of random memory when inet_ntop failed.
        - Minor statusbar help update.
      * Remove deprecated --with autotools_dev call to dh.
      * Bump Standards-Version to 4.1.1.
      * Change priority of irssi-dev from deprecated extra to optional.
      * Use in debian/rules instead of calling dpkg-parsechangelog
     -- Unit 193 <email address hidden>  Sat, 02 Dec 2017 17:18:54 -0500
  • irssi (1.0.4-1ubuntu4) bionic; urgency=medium
      * No-change rebuild against perlapi-5.26.1
     -- Steve Langasek <email address hidden>  Thu, 02 Nov 2017 05:36:03 +0000
  • irssi (1.0.4-1ubuntu3) bionic; urgency=medium
      * SECURITY UPDATE: multiple security issues
        - debian/patches/CVE-2017-15xxx.patch: address security issues in
          src/core/recode.c, src/fe-common/core/themes.c,
          src/irc/core/channel-events.c, src/irc/core/channels-query.c,
          src/irc/core/irc-servers.c, src/irc/dcc/dcc-chat.c,
          src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c.
        - CVE-2017-15227
        - CVE-2017-15228
        - CVE-2017-15721
        - CVE-2017-15722
        - CVE-2017-15723
     -- Marc Deslauriers <email address hidden>  Mon, 30 Oct 2017 09:38:11 -0400
  • irssi (1.0.4-1ubuntu2) artful; urgency=medium
      * No-change rebuild for perl 5.26.0.
     -- Matthias Klose <email address hidden>  Wed, 26 Jul 2017 20:03:17 +0000