[Bug 220544] irc/irssi: Update to 1.0.4 (security fixes)

Fri Jul 7 18:00:47 UTC 2017

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220544

            Bug ID: 220544
           Summary: irc/irssi: Update to 1.0.4 (security fixes)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://irssi.org/security/irssi_sa_2017_07.txt
                OS: Any
            Status: New
          Keywords: patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: vlad-fbsd at acheronmedia.com
                CC: dor.bsd at xm0.uk, ports-secteam at FreeBSD.org
 Attachment #184158 maintainer-approval?(dor.bsd at xm0.uk)
             Flags:
             Flags: maintainer-feedback?(dor.bsd at xm0.uk), merge-quarterly?
                CC: dor.bsd at xm0.uk

Created attachment 184158
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=184158&action=edit
Update irssi to 1.0.4

Two security vulnerabilities have been found in irssi, fixed in v1.0.4 (update
patch attached):

* CVE-2017-10965

  When receiving messages with invalid time stamps, Irssi would try
  to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
  of Geeknik Labs. (CWE-690)

* CVE-2017-10966

  While updating the internal nick list, Irssi may incorrectly use
  the GHashTable interface and free the nick while updating it. This
  will then result in use-after-free conditions on each access of
  the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
  Labs. (CWE-416 caused by CWE-227)

* SA:

  https://irssi.org/security/irssi_sa_2017_07.txt

-- 
You are receiving this mail because:
You are the assignee for the bug.