[3.6] weechat: crash in logger plugin when converting date/time specifiers in file mask (CVE-2017-14727)
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
Fixed in:
weechat 1.9.1
References:
https://weechat.org/download/security/
https://nvd.nist.gov/vuln/detail/CVE-2017-14727
Patch:
https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
(from redmine: issue id 7929, created on 2017-09-27, closed on 2017-10-24)
- Relations:
- parent #7928 (closed)
- Changesets:
- Revision b57c7764 on 2017-10-23T14:16:44Z:
main/weechat: security fix (CVE-2017-14727)
fixes #7929