[Bug 1685561] [NEW] Please merge irssi-1.0.2-1 (main) from Debian unstable (main)

Unit 193 1685561 at bugs.launchpad.net
Sat Apr 22 23:30:50 UTC 2017 

Public bug reported:

Changes since last merge:

irssi (1.0.2-1) unstable; urgency=high

  * New upstream pure bugfix release:
    - Prevent some null-pointer crashes.
    - Fix compilation with OpenSSL 1.1.0.
    - Correct dereferencing of already freed server objects during
      output of netjoins. Found by APic. (closes: #857502)
    - Fix in command arg parser to detect missing arguments in tail place.
    - Fix regression that broke incoming DCC file transfers.
    - Fix issue with escaping \ in evaluated strings.

 -- Rhonda D'Vine <rhonda at debian.org>  Sat, 11 Mar 2017 10:52:54 +0100

irssi (1.0.1-1) unstable; urgency=high

  * New upstream pure bugfix release:
    - Fix Perl compilation in object dir.
    - Disable EC cryptography on Solaris to fix build.
    - Fix incorrect HELP SERVER example.
    - Correct memory leak in /OP and /VOICE.
    - Fix regression that broke second level completion.
    - Correct missing NULL termination in perl_parse.
    - Sync broken mail.pl script.

 -- Rhonda D'Vine <rhonda at debian.org>  Mon, 06 Feb 2017 08:07:55 +0100

irssi (1.0.0-1) unstable; urgency=medium

  * New upstream release.
  * Add patch 25tls-ssl-compat-defines provided by upstream's dx for backward
    compatibility to not require modules using these functions to change code.
  * Update patch 22fix-perl-hardening.

 -- Rhonda D'Vine <rhonda at debian.org>  Sun, 08 Jan 2017 01:08:23 +0100

irssi (0.8.21-1) unstable; urgency=medium

  * New upstream security release (Closes: #850403):
    - CVE-2017-5193: NULL pointer dereference in the nickcmp function
    - CVE-2017-5194: Use-after-freee when receiving invalid nick message
    - CVE-2017-5195: Out-of-bounds read in certain incomplete control codes
    - CVE-2017-5196: Out-of-bounds read in certain incomplete character
      sequences
  * Remove patch 23fix-buf.pl which is included in upstream release.
  * Set PACKAGE_VERSION for configure as suggested by upstream.

 -- Rhonda D'Vine <rhonda at debian.org>  Thu, 05 Jan 2017 10:26:08 +0100

** Affects: irssi (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "irssi_ubuntu.debdiff"
   https://bugs.launchpad.net/bugs/1685561/+attachment/4866626/+files/irssi_ubuntu.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to irssi in Ubuntu.
https://bugs.launchpad.net/bugs/1685561

Title:
  Please merge irssi-1.0.2-1 (main) from Debian unstable (main)

Status in irssi package in Ubuntu:
  New

Bug description:
  Changes since last merge:

  irssi (1.0.2-1) unstable; urgency=high

    * New upstream pure bugfix release:
      - Prevent some null-pointer crashes.
      - Fix compilation with OpenSSL 1.1.0.
      - Correct dereferencing of already freed server objects during
        output of netjoins. Found by APic. (closes: #857502)
      - Fix in command arg parser to detect missing arguments in tail place.
      - Fix regression that broke incoming DCC file transfers.
      - Fix issue with escaping \ in evaluated strings.

   -- Rhonda D'Vine <rhonda at debian.org>  Sat, 11 Mar 2017 10:52:54 +0100

  irssi (1.0.1-1) unstable; urgency=high

    * New upstream pure bugfix release:
      - Fix Perl compilation in object dir.
      - Disable EC cryptography on Solaris to fix build.
      - Fix incorrect HELP SERVER example.
      - Correct memory leak in /OP and /VOICE.
      - Fix regression that broke second level completion.
      - Correct missing NULL termination in perl_parse.
      - Sync broken mail.pl script.

   -- Rhonda D'Vine <rhonda at debian.org>  Mon, 06 Feb 2017 08:07:55 +0100

  irssi (1.0.0-1) unstable; urgency=medium

    * New upstream release.
    * Add patch 25tls-ssl-compat-defines provided by upstream's dx for backward
      compatibility to not require modules using these functions to change code.
    * Update patch 22fix-perl-hardening.

   -- Rhonda D'Vine <rhonda at debian.org>  Sun, 08 Jan 2017 01:08:23 +0100

  irssi (0.8.21-1) unstable; urgency=medium

    * New upstream security release (Closes: #850403):
      - CVE-2017-5193: NULL pointer dereference in the nickcmp function
      - CVE-2017-5194: Use-after-freee when receiving invalid nick message
      - CVE-2017-5195: Out-of-bounds read in certain incomplete control codes
      - CVE-2017-5196: Out-of-bounds read in certain incomplete character
        sequences
    * Remove patch 23fix-buf.pl which is included in upstream release.
    * Set PACKAGE_VERSION for configure as suggested by upstream.

   -- Rhonda D'Vine <rhonda at debian.org>  Thu, 05 Jan 2017 10:26:08 +0100

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irssi/+bug/1685561/+subscriptions

More information about the foundations-bugs mailing list