[ubuntu/bionic-proposed] irssi 1.0.5-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Jan 8 20:02:12 UTC 2018 

irssi (1.0.5-1ubuntu2) bionic; urgency=medium

  * SECURITY UPDATE: buffer overread via incomplete escape codes
    - debian/patches/CVE-2018-5205.patch: check for complete char in
      src/core/misc.c.
    - CVE-2018-5205
  * SECURITY UPDATE: NULL dereference via setting channel topic without
    specifying a sender
    - debian/patches/CVE-2018-5206.patch: do not record topic change time
      when sender is blank in src/irc/core/channel-events.c.
    - CVE-2018-5206
  * SECURITY UPDATE: buffer overread via incomplete variable argument
    - debian/patches/CVE-2018-5207.patch: disable variable arguments code
      in src/core/special-vars.c.
    - CVE-2018-5207
  * SECURITY UPDATE: heap overflow in completion code
    - debian/patches/CVE-2018-5208.patch: check for direct match of
      separator in src/fe-common/core/completion.c.
    - CVE-2018-5208

Date: Mon, 08 Jan 2018 14:30:45 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/irssi/1.0.5-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 08 Jan 2018 14:30:45 -0500
Source: irssi
Binary: irssi irssi-dev
Architecture: source
Version: 1.0.5-1ubuntu2
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Changes:
 irssi (1.0.5-1ubuntu2) bionic; urgency=medium
 .
   * SECURITY UPDATE: buffer overread via incomplete escape codes
     - debian/patches/CVE-2018-5205.patch: check for complete char in
       src/core/misc.c.
     - CVE-2018-5205
   * SECURITY UPDATE: NULL dereference via setting channel topic without
     specifying a sender
     - debian/patches/CVE-2018-5206.patch: do not record topic change time
       when sender is blank in src/irc/core/channel-events.c.
     - CVE-2018-5206
   * SECURITY UPDATE: buffer overread via incomplete variable argument
     - debian/patches/CVE-2018-5207.patch: disable variable arguments code
       in src/core/special-vars.c.
     - CVE-2018-5207
   * SECURITY UPDATE: heap overflow in completion code
     - debian/patches/CVE-2018-5208.patch: check for direct match of
       separator in src/fe-common/core/completion.c.
     - CVE-2018-5208
Checksums-Sha1:
 575d409e6a97fa9050bd871bc0ab76124b5c432b 2226 irssi_1.0.5-1ubuntu2.dsc
 a7811ca16f4735dfb5290d72f9a41f3989461951 24892 irssi_1.0.5-1ubuntu2.debian.tar.xz
 760a3aed060c55965cedec795833c43539641930 6766 irssi_1.0.5-1ubuntu2_source.buildinfo
Checksums-Sha256:
 94a485c5307272adad5a6e366dfe594c131f045d49c679b1b70b1aad0d2163e9 2226 irssi_1.0.5-1ubuntu2.dsc
 8f8e96713a09d39195bf8a0e3e306e8a92f5e88cd20bde35867ded0382333304 24892 irssi_1.0.5-1ubuntu2.debian.tar.xz
 e3cf12be6b2e413037304e68a224d72e00cb9a9d8f28e9232060a88fff10a0f2 6766 irssi_1.0.5-1ubuntu2_source.buildinfo
Files:
 6fc6c76e70fa49a74bb1e9476aab099b 2226 net optional irssi_1.0.5-1ubuntu2.dsc
 511fce8a5b4f521839520cb2e5c81692 24892 net optional irssi_1.0.5-1ubuntu2.debian.tar.xz
 d1e58ad5c2dea66adc9478b400119f09 6766 net optional irssi_1.0.5-1ubuntu2_source.buildinfo
Original-Maintainer: Rhonda D'Vine <rhonda at debian.org>

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJaU84AAAoJEGVp2FWnRL6TY0IP/jyb7qMeKEgebaNTFBuNHfvJ
7l0+TqP0ZJcau+tdDGxxIpebIfs/tvoVS0TBpMvrhma7Y8z4FgTZU1QQ7fN/43vN
ls9ab2GKCgUzsCHaU4EkKw24la5Enpm9hWI5c/ZQ6RV1Y3ypEpYTlg39lCs6yX96
3WZZra2w9LAWY6inxMdBK48SGtYwSNRSwkruwaw9WpOcHdrWkyLWXqUAYBNP0DcP
/wUfbBTVUekkJT4VfXnIUPwmFM2xOySwueSHkceB5hdKZhFSghC4pggMlI9NPzj3
dMPxbndNZw6Eo3DjisUJHgxjpd6XX8Iqp+pbhpggVFmF3/YJSZlRk++Uu5MOOpsR
sgtnINfUMogvPTZ6vqwoRQTPPOh0tXfMTty593R8K5R3+SHOn05TBoIOg+jzBt23
eb5a1sRyATmhayIBqJiD9iCTzJvBmY8fG1Q1n3/FFfU9waZ4XjUTVgQ3zYmG7IbZ
xsCb790KFHvm01Bq+tqJSQRyE7uT0wbrrWW4CmW9LHQwTgXI8d0k9KWcPM2dwQIn
5LutWqad0anC0wG/NRnmcoNNkJKOTjrmplrxyD5HoYL3NAX3JvOYG1cxQGMr0yHQ
yIz1DMfVEOJX8bIH1WNq0p875LXg7xPFabCJi5RiL7zUBHKnaZtFgVlbrN+2Q2/8
BtSIq0BS20IBNtWIjsRl
=CZIF
-----END PGP SIGNATURE-----

More information about the Bionic-changes mailing list