[Buildroot] [PATCH] irssi: security bump to version 1.0.6

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH] irssi: security bump to version 1.0.6
@ 2018-01-07 21:03 Peter Korsgaard
  2018-01-07 22:47 ` Thomas Petazzoni
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Peter Korsgaard @ 2018-01-07 21:03 UTC (permalink / raw)
  To: buildroot

From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):

Multiple vulnerabilities have been located in Irssi.

(a) When the channel topic is set without specifying a sender, Irssi
    may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)

    CVE-2018-5206 was assigned to this issue.

(b) When using incomplete escape codes, Irssi may access data beyond
    the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5205 was assigned to this issue.

(c) A calculation error in the completion code could cause a heap
    buffer overflow when completing certain strings. (CWE-126) Found
    by Joseph Bisch.

    CVE-2018-5208 was assigned to this issue.

(d) When using an incomplete variable argument, Irssi may access data
    beyond the end of the string. (CWE-126) Found by Joseph Bisch.

    CVE-2018-5207 was assigned to this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/irssi/irssi.hash | 2 +-
 package/irssi/irssi.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/irssi/irssi.hash b/package/irssi/irssi.hash
index 0a6c3f614a..83dde00352 100644
--- a/package/irssi/irssi.hash
+++ b/package/irssi/irssi.hash
@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-sha256	c2556427e12eb06cabfed40839ac6f57eb8b1aa6365fab6dfcd331b7a04bb914  irssi-1.0.5.tar.xz
+sha256	029e884f3ebf337f7266d8ed4e1a035ca56d9f85015d74c868b488f279de8585  irssi-1.0.6.tar.xz
 # Locally calculated
 sha256	a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b  COPYING
diff --git a/package/irssi/irssi.mk b/package/irssi/irssi.mk
index f9450783bc..d49b5d7e46 100644
--- a/package/irssi/irssi.mk
+++ b/package/irssi/irssi.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IRSSI_VERSION = 1.0.5
+IRSSI_VERSION = 1.0.6
 IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
 # Do not use the github helper here. The generated tarball is *NOT* the
 # same as the one uploaded by upstream for the release.
-- 
2.11.0

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH] irssi: security bump to version 1.0.6
  2018-01-07 21:03 [Buildroot] [PATCH] irssi: security bump to version 1.0.6 Peter Korsgaard
@ 2018-01-07 22:47 ` Thomas Petazzoni
  2018-01-08 21:54 ` Peter Korsgaard
  2018-01-30 12:20 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2018-01-07 22:47 UTC (permalink / raw)
  To: buildroot

Hello,

On Sun,  7 Jan 2018 22:03:18 +0100, Peter Korsgaard wrote:
> From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):
> 
> Multiple vulnerabilities have been located in Irssi.
> 
> (a) When the channel topic is set without specifying a sender, Irssi
>     may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)
> 
>     CVE-2018-5206 was assigned to this issue.
> 
> (b) When using incomplete escape codes, Irssi may access data beyond
>     the end of the string. (CWE-126) Found by Joseph Bisch.
> 
>     CVE-2018-5205 was assigned to this issue.
> 
> (c) A calculation error in the completion code could cause a heap
>     buffer overflow when completing certain strings. (CWE-126) Found
>     by Joseph Bisch.
> 
>     CVE-2018-5208 was assigned to this issue.
> 
> (d) When using an incomplete variable argument, Irssi may access data
>     beyond the end of the string. (CWE-126) Found by Joseph Bisch.
> 
>     CVE-2018-5207 was assigned to this issue.
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/irssi/irssi.hash | 2 +-
>  package/irssi/irssi.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH] irssi: security bump to version 1.0.6
  2018-01-07 21:03 [Buildroot] [PATCH] irssi: security bump to version 1.0.6 Peter Korsgaard
  2018-01-07 22:47 ` Thomas Petazzoni
@ 2018-01-08 21:54 ` Peter Korsgaard
  2018-01-30 12:20 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2018-01-08 21:54 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):
 > Multiple vulnerabilities have been located in Irssi.

 > (a) When the channel topic is set without specifying a sender, Irssi
 >     may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)

 >     CVE-2018-5206 was assigned to this issue.

 > (b) When using incomplete escape codes, Irssi may access data beyond
 >     the end of the string. (CWE-126) Found by Joseph Bisch.

 >     CVE-2018-5205 was assigned to this issue.

 > (c) A calculation error in the completion code could cause a heap
 >     buffer overflow when completing certain strings. (CWE-126) Found
 >     by Joseph Bisch.

 >     CVE-2018-5208 was assigned to this issue.

 > (d) When using an incomplete variable argument, Irssi may access data
 >     beyond the end of the string. (CWE-126) Found by Joseph Bisch.

 >     CVE-2018-5207 was assigned to this issue.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2017.11.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH] irssi: security bump to version 1.0.6
  2018-01-07 21:03 [Buildroot] [PATCH] irssi: security bump to version 1.0.6 Peter Korsgaard
  2018-01-07 22:47 ` Thomas Petazzoni
  2018-01-08 21:54 ` Peter Korsgaard
@ 2018-01-30 12:20 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2018-01-30 12:20 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):
 > Multiple vulnerabilities have been located in Irssi.

 > (a) When the channel topic is set without specifying a sender, Irssi
 >     may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)

 >     CVE-2018-5206 was assigned to this issue.

 > (b) When using incomplete escape codes, Irssi may access data beyond
 >     the end of the string. (CWE-126) Found by Joseph Bisch.

 >     CVE-2018-5205 was assigned to this issue.

 > (c) A calculation error in the completion code could cause a heap
 >     buffer overflow when completing certain strings. (CWE-126) Found
 >     by Joseph Bisch.

 >     CVE-2018-5208 was assigned to this issue.

 > (d) When using an incomplete variable argument, Irssi may access data
 >     beyond the end of the string. (CWE-126) Found by Joseph Bisch.

 >     CVE-2018-5207 was assigned to this issue.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2018-01-30 12:20 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-01-07 21:03 [Buildroot] [PATCH] irssi: security bump to version 1.0.6 Peter Korsgaard
2018-01-07 22:47 ` Thomas Petazzoni
2018-01-08 21:54 ` Peter Korsgaard
2018-01-30 12:20 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox