Change logs for irssi source package in Xenial
-
irssi (0.8.19-1ubuntu1.9) xenial-security; urgency=medium * SECURITY UPDATE: User after free - debian/patches/CVE-2019-13045.patch: copy sasl username and password values in src/irc/core/irc-core.c, src/irc/core/irc-servers-reconnect.c, src/irc/core/irc-servers-setup.c. - CVE-2019-13045 -- <email address hidden> (Leonidas S. Barbosa) Tue, 02 Jul 2019 10:09:59 -0300
-
irssi (0.8.19-1ubuntu1.8) xenial-security; urgency=medium * SECURITY UPDATE: Use after free - debian/patches/CVE-2019-5882.patch: fix in src/fe-text/textbuffer-view.c. - CVE-2019-5882 -- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Jan 2019 09:34:59 -0300
-
irssi (0.8.19-1ubuntu1.7) xenial-security; urgency=medium * SECURITY UPDATE: Null pointer dereference - debian/patches/CVE-2018-7050.patch: check if nick is Null in src/fe-common/core/chat-completion.c. - CVE-2018-7050 * SECURITY UPDATE: Certain nick names result in out-of-bounds access - debian/patches/CVE-2018-7051.patch: don't read beyond end of escaped string in src/fe-common/core/themes.c. - CVE-2018-7051 * SECURITY UPDATE: Null pointer dereference - debian/patches/CVE-2018-7052.patch: check if window parent is Null in src/fe-text/mainwindows.c. - CVE-2018-7052 * SECURITY UPDATE: use-after-free - debian/patches/CVE-2018-7053.patch: avoiding reuse sasl timeout in src/irc/core/sasl.c. - CVE-2018-7073 -- <email address hidden> (Leonidas S. Barbosa) Wed, 28 Feb 2018 17:35:02 -0300
-
irssi (0.8.19-1ubuntu1.6) xenial-security; urgency=medium * SECURITY UPDATE: buffer overread via incomplete escape codes - debian/patches/CVE-2018-5205.patch: check for complete char in src/core/misc.c. - CVE-2018-5205 * SECURITY UPDATE: NULL dereference via setting channel topic without specifying a sender - debian/patches/CVE-2018-5206.patch: do not record topic change time when sender is blank in src/irc/core/channel-events.c. - CVE-2018-5206 * SECURITY UPDATE: buffer overread via incomplete variable argument - debian/patches/CVE-2018-5207.patch: disable variable arguments code in src/core/special-vars.c. - CVE-2018-5207 * SECURITY UPDATE: heap overflow in completion code - debian/patches/CVE-2018-5208.patch: check for direct match of separator in src/fe-common/core/completion.c. - CVE-2018-5208 -- Marc Deslauriers <email address hidden> Mon, 08 Jan 2018 14:41:10 -0500
-
irssi (0.8.19-1ubuntu1.5) xenial-security; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2017-1096x.patch: check return value of localtime in src/core/misc.c, correct GHashTable usage in src/core/nicklist.c. - CVE-2017-10965 - CVE-2017-10966 * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2017-15xxx.patch: address security issues in src/core/recode.c, src/fe-common/core/themes.c, src/irc/core/channel-events.c, src/irc/core/channels-query.c, src/irc/core/irc-servers.c, src/irc/dcc/dcc-chat.c, src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c. - CVE-2017-15227 - CVE-2017-15228 - CVE-2017-15721 - CVE-2017-15722 - CVE-2017-15723 -- Marc Deslauriers <email address hidden> Wed, 25 Oct 2017 08:00:36 -0400
-
irssi (0.8.19-1ubuntu1.4) xenial-security; urgency=medium * SECURITY UPDATE: DoS via DCC message without source nick/host - debian/patches/CVE-2017-9468.patch: check addr in src/irc/dcc/dcc-get.c. - CVE-2017-9468 * SECURITY UPDATE: DoS via incorrectly quoted DCC files - debian/patches/CVE-2017-9469.patch: Fix oob read of one byte in src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-resume.c. - CVE-2017-9469 -- Marc Deslauriers <email address hidden> Thu, 08 Jun 2017 15:17:59 -0400
-
irssi (0.8.19-1ubuntu1.3) xenial-security; urgency=medium * SECURITY UPDATE: local information disclosure via scrollbuffer dump - debian/patches/CVE-2016-7553.patch: set proper permissions in scripts/buf.pl. - CVE-2016-7553 * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2017-5xxx.patch: properly handle strings in src/fe-common/core/formats.c, handle utf8 errors in src/fe-text/term-terminfo.c, properly handle invalid nicks in src/irc/core/irc-nicklist.c, make sure nick is valid in src/irc/core/irc-queries.c. - CVE-2017-5193 - CVE-2017-5194 - CVE-2017-5195 - CVE-2017-5196 - CVE-2017-5356 -- Marc Deslauriers <email address hidden> Wed, 25 Jan 2017 13:00:03 -0500
-
irssi (0.8.19-1ubuntu1.2) xenial-security; urgency=medium * SECURITY UPDATE: Fix color format decoding (LP: #1624068): - Add debian/patches/91fix-color-formatting: + fix unformat_24bit_color (CVE-2016-7044) + fix format_send_to_gui (CVE-2016-7045) -- Kees Cook <email address hidden> Thu, 15 Sep 2016 11:43:53 -0700
-
irssi (0.8.19-1ubuntu1) xenial; urgency=medium * Merge from Debian. Remaining changes: - Re-enabled 20fix_ssl_proxy_hostname_check. - When we have a proxy setting, we expect the CN to match the proxy hostname, not the server hostname. - d/p/90irc-ubuntu-com: + Add the Ubuntu network with irc.ubuntu.com as the server, which is currently a CNAME for chat.freenode.net. - d/p/03firsttimer_text: + Adapt 03debian_firsttimer_text so it tells you about connecting to Ubuntu and joining #ubuntu. - d/control, d/rules: Drop libval-dev, not in Ubuntu main. -- Unit 193 <email address hidden> Thu, 24 Mar 2016 19:28:09 -0400
-
irssi (0.8.18-1ubuntu1) xenial; urgency=medium * Merge from Debian testing (LP: #1423499). Remaining changes: - Re-enabled 20fix_ssl_proxy_hostname_check. - When we have a proxy setting, we expect the CN to match the proxy hostname, not the server hostname. - d/p/90irc-ubuntu-com: + Add the Ubuntu network with irc.ubuntu.com as the server, which is currently a CNAME for chat.freenode.net. - d/p/03firsttimer_text: + Adapt 03debian_firsttimer_text so it tells you about connecting to Ubuntu and joining #ubuntu. - d/control, d/rules: Drop libval-dev, not in Ubuntu main. -- Unit 193 <email address hidden> Fri, 04 Mar 2016 00:46:08 -0500
-
irssi (0.8.17-1ubuntu2) xenial; urgency=medium * Rebuild for Perl 5.22.1. -- Colin Watson <email address hidden> Fri, 18 Dec 2015 12:50:33 +0000
-
irssi (0.8.17-1ubuntu1) vivid; urgency=low * Merge from Debian testing (LP: #1423499). Remaining changes: - Refreshed 03firsttimer_text to follow upstream changes to formatting. - Re-enabled 20fix_ssl_proxy_hostname_check. - Refreshed 90irc-ubuntu-com to follow upstream changes to config file formatting. irssi (0.8.17-1) unstable; urgency=medium * The AdaCamp Berlin upload, new upstream stable release. * Remove commit patches 41fab07 and 1cf7017 which are included in this release. irssi (0.8.17~rc1-1) experimental; urgency=medium * New upstream release which includes: - binding utf8 characters, removing the patch * Updated firstimer message patch. * README got renamed to README.md. * Compile with --enable-true-color. * Pull upstream commits 41fab07 and 1cf7017 to fix the colour black which got broken by extended colours. -- Daniel Watkins <email address hidden> Sun, 12 Oct 2014 09:44:38 +0000