[3.2] irssi: crash and heap corruption vulnerabilites (CVE-2016-7044, CVE-2016-7045)
CVE-2016-7044: Unchecked input in unformat_24bit_color() can lead to crash
CVE-2016-7045: String length not validated in format_send_to_gui() causing crash
Fixed In Version:
irssi 0.8.20
Reference:
https://irssi.org/security/irssi\_sa\_2016.txt
(from redmine: issue id 6213, created on 2016-09-22, closed on 2016-10-25)
- Relations:
- parent #6211 (closed)
- Changesets:
- Revision b37c51d9 on 2016-10-19T08:13:45Z:
main/irssi: security upgrade to 0.8.20 (CVE-2016-7044, CVE-2016-7045)
Fixes #6213