[Bug 220544] irc/irssi: Update to 1.0.4 (security fixes)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Jul 7 18:00:47 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220544
Bug ID: 220544
Summary: irc/irssi: Update to 1.0.4 (security fixes)
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://irssi.org/security/irssi_sa_2017_07.txt
OS: Any
Status: New
Keywords: patch, security
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: vlad-fbsd at acheronmedia.com
CC: dor.bsd at xm0.uk, ports-secteam at FreeBSD.org
Attachment #184158 maintainer-approval?(dor.bsd at xm0.uk)
Flags:
Flags: maintainer-feedback?(dor.bsd at xm0.uk), merge-quarterly?
CC: dor.bsd at xm0.uk
Created attachment 184158
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=184158&action=edit
Update irssi to 1.0.4
Two security vulnerabilities have been found in irssi, fixed in v1.0.4 (update
patch attached):
* CVE-2017-10965
When receiving messages with invalid time stamps, Irssi would try
to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
of Geeknik Labs. (CWE-690)
* CVE-2017-10966
While updating the internal nick list, Irssi may incorrectly use
the GHashTable interface and free the nick while updating it. This
will then result in use-after-free conditions on each access of
the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
Labs. (CWE-416 caused by CWE-227)
* SA:
https://irssi.org/security/irssi_sa_2017_07.txt
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list