Change logs for irssi source package in Xenial

  • irssi (0.8.19-1ubuntu1.9) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Use after free
        - debian/patches/CVE-2019-13045.patch: copy sasl username
          and password values in src/irc/core/irc-core.c,
          src/irc/core/irc-servers-reconnect.c,
          src/irc/core/irc-servers-setup.c.
        - CVE-2019-13045
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 02 Jul 2019 10:09:59 -0300
  • irssi (0.8.19-1ubuntu1.8) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Use after free
        - debian/patches/CVE-2019-5882.patch: fix in
          src/fe-text/textbuffer-view.c.
        - CVE-2019-5882
    
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 16 Jan 2019 09:34:59 -0300
  • irssi (0.8.19-1ubuntu1.7) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Null pointer dereference
        - debian/patches/CVE-2018-7050.patch: check if
          nick is Null in src/fe-common/core/chat-completion.c.
        - CVE-2018-7050
      * SECURITY UPDATE: Certain nick names result in out-of-bounds
        access
        - debian/patches/CVE-2018-7051.patch: don't read beyond end of
          escaped string in src/fe-common/core/themes.c.
        - CVE-2018-7051
      * SECURITY UPDATE: Null pointer dereference
        - debian/patches/CVE-2018-7052.patch: check if window parent
          is Null in src/fe-text/mainwindows.c.
        - CVE-2018-7052
      * SECURITY UPDATE: use-after-free
        - debian/patches/CVE-2018-7053.patch: avoiding
          reuse sasl timeout in src/irc/core/sasl.c.
        - CVE-2018-7073
    
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 28 Feb 2018 17:35:02 -0300
  • irssi (0.8.19-1ubuntu1.6) xenial-security; urgency=medium
    
      * SECURITY UPDATE: buffer overread via incomplete escape codes
        - debian/patches/CVE-2018-5205.patch: check for complete char in
          src/core/misc.c.
        - CVE-2018-5205
      * SECURITY UPDATE: NULL dereference via setting channel topic without
        specifying a sender
        - debian/patches/CVE-2018-5206.patch: do not record topic change time
          when sender is blank in src/irc/core/channel-events.c.
        - CVE-2018-5206
      * SECURITY UPDATE: buffer overread via incomplete variable argument
        - debian/patches/CVE-2018-5207.patch: disable variable arguments code
          in src/core/special-vars.c.
        - CVE-2018-5207
      * SECURITY UPDATE: heap overflow in completion code
        - debian/patches/CVE-2018-5208.patch: check for direct match of
          separator in src/fe-common/core/completion.c.
        - CVE-2018-5208
    
     -- Marc Deslauriers <email address hidden>  Mon, 08 Jan 2018 14:41:10 -0500
  • irssi (0.8.19-1ubuntu1.5) xenial-security; urgency=medium
    
      * SECURITY UPDATE: multiple security issues
        - debian/patches/CVE-2017-1096x.patch: check return value of localtime
          in src/core/misc.c, correct GHashTable usage in src/core/nicklist.c.
        - CVE-2017-10965
        - CVE-2017-10966
      * SECURITY UPDATE: multiple security issues
        - debian/patches/CVE-2017-15xxx.patch: address security issues in
          src/core/recode.c, src/fe-common/core/themes.c,
          src/irc/core/channel-events.c, src/irc/core/channels-query.c,
          src/irc/core/irc-servers.c, src/irc/dcc/dcc-chat.c,
          src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c.
        - CVE-2017-15227
        - CVE-2017-15228
        - CVE-2017-15721
        - CVE-2017-15722
        - CVE-2017-15723
    
     -- Marc Deslauriers <email address hidden>  Wed, 25 Oct 2017 08:00:36 -0400
  • irssi (0.8.19-1ubuntu1.4) xenial-security; urgency=medium
    
      * SECURITY UPDATE: DoS via DCC message without source nick/host
        - debian/patches/CVE-2017-9468.patch: check addr in
          src/irc/dcc/dcc-get.c.
        - CVE-2017-9468
      * SECURITY UPDATE: DoS via incorrectly quoted DCC files
        - debian/patches/CVE-2017-9469.patch: Fix oob read of one byte in
          src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-resume.c.
        - CVE-2017-9469
    
     -- Marc Deslauriers <email address hidden>  Thu, 08 Jun 2017 15:17:59 -0400
  • irssi (0.8.19-1ubuntu1.3) xenial-security; urgency=medium
    
      * SECURITY UPDATE: local information disclosure via scrollbuffer dump
        - debian/patches/CVE-2016-7553.patch: set proper permissions in
          scripts/buf.pl.
        - CVE-2016-7553
      * SECURITY UPDATE: multiple security issues
        - debian/patches/CVE-2017-5xxx.patch: properly handle strings in
          src/fe-common/core/formats.c, handle utf8 errors in
          src/fe-text/term-terminfo.c, properly handle invalid nicks in
          src/irc/core/irc-nicklist.c, make sure nick is valid in
          src/irc/core/irc-queries.c.
        - CVE-2017-5193
        - CVE-2017-5194
        - CVE-2017-5195
        - CVE-2017-5196
        - CVE-2017-5356
    
     -- Marc Deslauriers <email address hidden>  Wed, 25 Jan 2017 13:00:03 -0500
  • irssi (0.8.19-1ubuntu1.2) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Fix color format decoding (LP: #1624068):
        - Add debian/patches/91fix-color-formatting:
          + fix unformat_24bit_color (CVE-2016-7044)
          + fix format_send_to_gui (CVE-2016-7045)
    
     -- Kees Cook <email address hidden>  Thu, 15 Sep 2016 11:43:53 -0700
  • irssi (0.8.19-1ubuntu1) xenial; urgency=medium
    
      * Merge from Debian.  Remaining changes:
        - Re-enabled 20fix_ssl_proxy_hostname_check.
          - When we have a proxy setting, we expect the CN to match
            the proxy hostname, not the server hostname.
        - d/p/90irc-ubuntu-com:
          + Add the Ubuntu network with irc.ubuntu.com as the server,
            which is currently a CNAME for chat.freenode.net.
        - d/p/03firsttimer_text:
          + Adapt 03debian_firsttimer_text so it tells you about
            connecting to Ubuntu and joining #ubuntu.
        - d/control, d/rules: Drop libval-dev, not in Ubuntu main.
    
     -- Unit 193 <email address hidden>  Thu, 24 Mar 2016 19:28:09 -0400
  • irssi (0.8.18-1ubuntu1) xenial; urgency=medium
    
      * Merge from Debian testing (LP: #1423499).  Remaining changes:
        - Re-enabled 20fix_ssl_proxy_hostname_check.
          - When we have a proxy setting, we expect the CN to match
            the proxy hostname, not the server hostname.
        - d/p/90irc-ubuntu-com:
          + Add the Ubuntu network with irc.ubuntu.com as the server,
            which is currently a CNAME for chat.freenode.net.
        - d/p/03firsttimer_text:
          + Adapt 03debian_firsttimer_text so it tells you about
            connecting to Ubuntu and joining #ubuntu.
        - d/control, d/rules: Drop libval-dev, not in Ubuntu main.
    
     -- Unit 193 <email address hidden>  Fri, 04 Mar 2016 00:46:08 -0500
  • irssi (0.8.17-1ubuntu2) xenial; urgency=medium
    
      * Rebuild for Perl 5.22.1.
    
     -- Colin Watson <email address hidden>  Fri, 18 Dec 2015 12:50:33 +0000
  • irssi (0.8.17-1ubuntu1) vivid; urgency=low
    
      * Merge from Debian testing (LP: #1423499).  Remaining changes:
        - Refreshed 03firsttimer_text to follow upstream changes to formatting.
        - Re-enabled 20fix_ssl_proxy_hostname_check.
        - Refreshed 90irc-ubuntu-com to follow upstream changes to config file
          formatting.
    
    irssi (0.8.17-1) unstable; urgency=medium
    
      * The AdaCamp Berlin upload, new upstream stable release.
      * Remove commit patches 41fab07 and 1cf7017 which are included in this
        release.
    
    irssi (0.8.17~rc1-1) experimental; urgency=medium
    
      * New upstream release which includes:
        - binding utf8 characters, removing the patch
      * Updated firsttimer message patch.
      * README got renamed to README.md.
      * Compile with --enable-true-color.
      * Pull upstream commits 41fab07 and 1cf7017 to fix the colour black which
        got broken by extended colours.
    
     -- Daniel Watkins <email address hidden>  Sun, 12 Oct 2014 09:44:38 +0000