* [Buildroot] [PATCH 1/1] package/irssi: bump to version 1.4.4
@ 2023-09-15 18:23 Fabrice Fontaine
2023-09-15 21:10 ` Yann E. MORIN
2023-09-24 18:40 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2023-09-15 18:23 UTC (permalink / raw)
To: buildroot; +Cc: Rodrigo Rebello, Fabrice Fontaine
Fix CVE-2023-29132: Irssi 1.3.x and 1.4.x before 1.4.4 has a
use-after-free because of use of a stale special collector reference.
This occurs when printing of a non-formatted line is concurrent with
printing of a formatted line.
https://irssi.org/NEWS/#news-v1-4-4
https://irssi.org/NEWS/#news-v1-4-3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
| 2 +-
| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--git a/package/irssi/irssi.hash b/package/irssi/irssi.hash
index ecd339d83d..df72ee4d76 100644
--- a/package/irssi/irssi.hash
+++ b/package/irssi/irssi.hash
@@ -1,4 +1,4 @@
# Locally calculated after checking pgp signature
-sha256 79a4765d2dfe153c440a1775b074d5d0682b96814c7cf92325b5e15ce50e26a8 irssi-1.4.2.tar.xz
+sha256 fefe9ec8c7b1475449945c934a2360ab12693454892be47a6d288c63eb107ead irssi-1.4.4.tar.xz
# Locally calculated
sha256 a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b COPYING
--git a/package/irssi/irssi.mk b/package/irssi/irssi.mk
index c2d02289ad..6790bf0c96 100644
--- a/package/irssi/irssi.mk
+++ b/package/irssi/irssi.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IRSSI_VERSION = 1.4.2
+IRSSI_VERSION = 1.4.4
IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
IRSSI_SITE = https://codeberg.org/irssi/irssi/releases/download/$(IRSSI_VERSION)
IRSSI_LICENSE = GPL-2.0+
--
2.40.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/irssi: bump to version 1.4.4
2023-09-15 18:23 [Buildroot] [PATCH 1/1] package/irssi: bump to version 1.4.4 Fabrice Fontaine
@ 2023-09-15 21:10 ` Yann E. MORIN
2023-09-24 18:40 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Yann E. MORIN @ 2023-09-15 21:10 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Rodrigo Rebello, buildroot
Fabrice, All,
On 2023-09-15 20:23 +0200, Fabrice Fontaine spake thusly:
> Fix CVE-2023-29132: Irssi 1.3.x and 1.4.x before 1.4.4 has a
> use-after-free because of use of a stale special collector reference.
> This occurs when printing of a non-formatted line is concurrent with
> printing of a formatted line.
>
> https://irssi.org/NEWS/#news-v1-4-4
> https://irssi.org/NEWS/#news-v1-4-3
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/irssi/irssi.hash | 2 +-
> package/irssi/irssi.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/irssi/irssi.hash b/package/irssi/irssi.hash
> index ecd339d83d..df72ee4d76 100644
> --- a/package/irssi/irssi.hash
> +++ b/package/irssi/irssi.hash
> @@ -1,4 +1,4 @@
> # Locally calculated after checking pgp signature
> -sha256 79a4765d2dfe153c440a1775b074d5d0682b96814c7cf92325b5e15ce50e26a8 irssi-1.4.2.tar.xz
> +sha256 fefe9ec8c7b1475449945c934a2360ab12693454892be47a6d288c63eb107ead irssi-1.4.4.tar.xz
> # Locally calculated
> sha256 a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b COPYING
> diff --git a/package/irssi/irssi.mk b/package/irssi/irssi.mk
> index c2d02289ad..6790bf0c96 100644
> --- a/package/irssi/irssi.mk
> +++ b/package/irssi/irssi.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -IRSSI_VERSION = 1.4.2
> +IRSSI_VERSION = 1.4.4
> IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
> IRSSI_SITE = https://codeberg.org/irssi/irssi/releases/download/$(IRSSI_VERSION)
> IRSSI_LICENSE = GPL-2.0+
> --
> 2.40.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/irssi: bump to version 1.4.4
2023-09-15 18:23 [Buildroot] [PATCH 1/1] package/irssi: bump to version 1.4.4 Fabrice Fontaine
2023-09-15 21:10 ` Yann E. MORIN
@ 2023-09-24 18:40 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-09-24 18:40 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Rodrigo Rebello, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2023-29132: Irssi 1.3.x and 1.4.x before 1.4.4 has a
> use-after-free because of use of a stale special collector reference.
> This occurs when printing of a non-formatted line is concurrent with
> printing of a formatted line.
> https://irssi.org/NEWS/#news-v1-4-4
> https://irssi.org/NEWS/#news-v1-4-3
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2023.02.x, 2023.05.x and 2023.08.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-09-24 18:40 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-15 18:23 [Buildroot] [PATCH 1/1] package/irssi: bump to version 1.4.4 Fabrice Fontaine
2023-09-15 21:10 ` Yann E. MORIN
2023-09-24 18:40 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox