Project

General

Profile

Bug #7395

Bug #7393: irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)

[3.6] irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)

Added by Alicha CH over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
06/07/2017
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2017-9468: When receiving a DCC message without source nick/host, Irssi would
attempt to dereference a NULL pointer.

Fixed in:

Irssi 1.0.3

Reference:

https://irssi.org/security/irssi_sa_2017_06.txt

Patch

https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55

CVE-2017-9469: When receiving certain incorrectly quoted DCC files, Irssi would
try to find the terminating quote one byte before the allocated memory.

Fixed in:

Irssi 1.0.3

Reference:

https://irssi.org/security/irssi_sa_2017_06.txt

Patch

https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55

Associated revisions

Revision 19354120 (diff)
Added by Leonardo Arena over 1 year ago

main/irssi: security upgrade to 1.0.3 (CVE-2017-9468, CVE-2017-9469)

Fixes #7395

History

#1 Updated by Anonymous over 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH over 1 year ago

  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF