Change logs for irssi source package in Cosmic

  • irssi (1.1.1-1ubuntu1.2) cosmic-security; urgency=medium
    
      * SECURITY UPDATE: Use after free
        - debian/patches/CVE-2019-13045.patch: copy sasl username
          and password values in src/irc/core/irc-core.c,
          src/irc/core/irc-servers-reconnect.c,
          src/irc/core/irc-servers-setup.c.
        - CVE-2019-13045
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 02 Jul 2019 10:57:48 -0300
  • irssi (1.1.1-1ubuntu1.1) cosmic-security; urgency=medium
    
      * SECURITY UPDATE: Use after free
        - debian/patches/CVE-2019-5882.patch: fix in
          src/fe-text/textbuffer-view.c.
        - CVE-2019-5882
    
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 16 Jan 2019 09:06:18 -0300
  • irssi (1.1.1-1ubuntu1) devel; urgency=medium
    
      * Merge from Debian. Remaining changes:
        - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
          - When we have a proxy setting, we expect the CN to match
            the proxy hostname, not the server hostname.
        - d/p/03firsttimer_text:
          + Adapt 03firsttimer_text so it tells you about
            connecting to freenode and joining #ubuntu.
      * Changes no longer needed:
        - d/p/90irc-ubuntu-com:
          + irc.ubuntu.com was a CNAME to irc.freenode.net, but this prevents us
            from recommending and verifying TLS connections.  (LP: #1456778)
    
    irssi (1.1.1-1) unstable; urgency=medium
    
      [ Rhonda D'Vine ]
      * New upstream release.
      * Uploaded from mIRC.
      * Adjust 03firsttimer_text patch for new location of the text.
      * Update copyright format URL to use https.
      * Install example scripts.
      * Bump Standards-Version to 4.1.4.
      * Move repository to salsa, update Vcs-* URLs.
    
      [ Unit 193 ]
      * Use https for upstream homepage.
      * /connect OFTC instead of irc.debian.org to get an ssl connection.
    
     -- Unit 193 <email address hidden>  Fri, 27 Jul 2018 07:01:51 -0400
  • irssi (1.0.7-1ubuntu1) cosmic; urgency=medium
    
      * Merge from Debian (LP: #1754781). Remaining changes:
        - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
          - When we have a proxy setting, we expect the CN to match
            the proxy hostname, not the server hostname.
        - d/p/90irc-ubuntu-com:
          + Add the Ubuntu network with irc.ubuntu.com as the server,
            which is currently a CNAME for chat.freenode.net.
        - d/p/03firsttimer_text:
          + Adapt 03firsttimer_text so it tells you about
            connecting to Ubuntu and joining #ubuntu.
      * Changes no longer needed:
        - d/p/CVE-2018-xxxx.patch: Applied upstream.
    
    irssi (1.0.7-1) unstable; urgency=high
    
      * New upstream bugfix release (closes: #886475):
        From 1.0.6:
        - Fix invalid memory access when reading hilight configuration
          (#787, #788).
        - Fix null pointer dereference when the channel topic is set
          without specifying a sender [CVE-2018-5206]
        - Fix return of random memory when using incomplete escape
          codes [CVE-2018-5205]
        - Fix heap buffer overflow when completing certain strings
          [CVE-2018-5208]
        - Fix return of random memory when using an incomplete
          variable argument [CVE-2018-5207]
    
        From 1.0.7:
        - Prevent use after free error during the execution of some
          commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
        - Revert netsplit print optimisation due to crashes
        - Fix use after free when SASL messages are received in
          unexpected order [CVE-2018-7053] (closes: #890675)
        - Fix null pointer dereference in the tab completion when an
          empty nick is joined [CVE-2018-7050] (closes: #890678)
        - Fix use after free when entering oper password
        - Fix null pointer dereference when too many windows are
          opened [CVE-2018-7052] (closes: #890676)
        - Fix out of bounds access in theme strings when the last
          escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
          (closes: #890677)
        - Fix out of bounds write when using negative counts on window
          resize
        - Minor help correction. By William Jackson
    
      * Fix watch URL.
      * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
      * Bump Standards-Version to 4.1.3.
      * Add lintian overrides for the spelling of "hilight" in the changelog
        mentioning the lintian overrides for the spelling of "hilight" in irssi
        itself.
    
     -- Unit 193 <email address hidden>  Fri, 09 Mar 2018 17:54:53 -0500
  • irssi (1.0.5-1ubuntu5) cosmic; urgency=medium
    
      * No-change rebuild for ncurses soname changes.
    
     -- Matthias Klose <email address hidden>  Thu, 03 May 2018 14:16:07 +0000
  • irssi (1.0.5-1ubuntu4) bionic; urgency=medium
    
      * SECURITY UPDATE: Null pointer dereference
        - debian/patches/CVE-2018-7050.patch: check if
          nick is Null in src/fe-common/core/chat-completion.c.
        - CVE-2018-7050
      * SECURITY UPDATE: Certain nick names result in out-of-bounds
        access
        - debian/patches/CVE-2018-7051.patch: don't read beyond end of
          escaped string in src/fe-common/core/themes.c.
        - CVE-2018-7051
      * SECURITY UPDATE: Null pointer dereference
        - debian/patches/CVE-2018-7052.patch: check if window parent
          is Null in src/fe-text/mainwindows.c.
        - CVE-2018-7052
      * SECURITY UPDATE: use-after-free
        - debian/patches/CVE-2018-7053.patch: avoid
          reusing sasl timeout in src/irc/core/sasl.c.
        - CVE-2018-7073
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 06 Mar 2018 11:03:13 -0300