Change logs for irssi source package in Zesty
-
irssi (0.8.20-2ubuntu2.3) zesty-security; urgency=medium * SECURITY UPDATE: buffer overread via incomplete escape codes - debian/patches/CVE-2018-5205.patch: check for complete char in src/core/misc.c. - CVE-2018-5205 * SECURITY UPDATE: NULL dereference via setting channel topic without specifying a sender - debian/patches/CVE-2018-5206.patch: do not record topic change time when sender is blank in src/irc/core/channel-events.c. - CVE-2018-5206 * SECURITY UPDATE: buffer overread via incomplete variable argument - debian/patches/CVE-2018-5207.patch: disable variable arguments code in src/core/special-vars.c. - CVE-2018-5207 * SECURITY UPDATE: heap overflow in completion code - debian/patches/CVE-2018-5208.patch: check for direct match of separator in src/fe-common/core/completion.c. - CVE-2018-5208 -- Marc Deslauriers <email address hidden> Mon, 08 Jan 2018 14:40:23 -0500 -
irssi (0.8.20-2ubuntu2.2) zesty-security; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2017-1096x.patch: check return value of localtime in src/core/misc.c, correct GHashTable usage in src/core/nicklist.c. - CVE-2017-10965 - CVE-2017-10966 * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2017-15xxx.patch: address security issues in src/core/recode.c, src/fe-common/core/themes.c, src/irc/core/channel-events.c, src/irc/core/channels-query.c, src/irc/core/irc-servers.c, src/irc/dcc/dcc-chat.c, src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c. - CVE-2017-15227 - CVE-2017-15228 - CVE-2017-15721 - CVE-2017-15722 - CVE-2017-15723 -- Marc Deslauriers <email address hidden> Wed, 25 Oct 2017 07:58:29 -0400 -
irssi (0.8.20-2ubuntu2.1) zesty-security; urgency=medium * SECURITY UPDATE: DoS via DCC message without source nick/host - debian/patches/CVE-2017-9468.patch: check addr in src/irc/dcc/dcc-get.c. - CVE-2017-9468 * SECURITY UPDATE: DoS via incorrectly quoted DCC files - debian/patches/CVE-2017-9469.patch: Fix oob read of one byte in src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-resume.c. - CVE-2017-9469 -- Marc Deslauriers <email address hidden> Thu, 08 Jun 2017 15:14:30 -0400 -
irssi (0.8.20-2ubuntu2) zesty; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2017-5xxx.patch: properly handle strings in src/fe-common/core/formats.c, handle utf8 errors in src/fe-text/term-terminfo.c, properly handle invalid nicks in src/irc/core/irc-nicklist.c, make sure nick is valid in src/irc/core/irc-queries.c. - CVE-2017-5193 - CVE-2017-5194 - CVE-2017-5195 - CVE-2017-5196 - CVE-2017-5356 -- Marc Deslauriers <email address hidden> Wed, 25 Jan 2017 12:52:09 -0500 -
irssi (0.8.20-2ubuntu1) zesty; urgency=low * Merge from Debian. Remaining changes: - Re-enabled 20fix_ssl_proxy_hostname_check. - When we have a proxy setting, we expect the CN to match the proxy hostname, not the server hostname. - d/p/90irc-ubuntu-com: + Add the Ubuntu network with irc.ubuntu.com as the server, which is currently a CNAME for chat.freenode.net. irssi (0.8.20-2) unstable; urgency=high * New patch 23fix-buf.pl to fix an information exposure issue involved with using buf.pl and /upgrade. irssi (0.8.20-1) unstable; urgency=critical * New upstream security release. * Fix heap corruption and missing bounds checks (CVE-2016-7044 CVE-2016-7045) irssi (0.8.19-2) unstable; urgency=low * Bump Standards-Version to 3.9.8. * Drop DANE support, libval changed and doesn't offer that interface anymore. * Drop -dbg package in favor of the automatically created dbgsym one. -- Iain Lane <email address hidden> Wed, 07 Dec 2016 16:26:11 +0000 -
irssi (0.8.19-1ubuntu3) zesty; urgency=medium * No-change rebuild for perl 5.24 transition -- Iain Lane <email address hidden> Mon, 24 Oct 2016 10:09:47 +0100
-
irssi (0.8.19-1ubuntu2) yakkety; urgency=medium * SECURITY UPDATE: Fix color format decoding (LP: #1624068): - Add debian/patches/91fix-color-formatting: + fix unformat_24bit_color (CVE-2016-7044) + fix format_send_to_gui (CVE-2016-7045) -- Kees Cook <email address hidden> Thu, 15 Sep 2016 11:43:53 -0700
