[Bug 1754781] [NEW] Please merge the latest bug release, 1.0.7-1, from Debian
Launchpad Bug Tracker
1754781 at bugs.launchpad.net
Fri Mar 9 23:21:13 UTC 2018
You have been subscribed to a public bug by Unit 193 (unit193):
While the version in Bionic contains the CVE fixes, it would be nice to
ship the latest bugfix release in the 1.0.x series.
dget https://launchpad.net/~unit193/+archive/ubuntu/staging/+files/irssi_1.0.7-1ubuntu1.dsc
Source: irssi
Version: 1.0.7-1ubuntu1
Distribution: devel
Urgency: high
Maintainer: Unit 193 <unit193 at ubuntu.com>
Timestamp: 1520636093
Date: Fri, 09 Mar 2018 17:54:53 -0500
Closes: 886475 890674 890675 890676 890677 890678
Changes:
irssi (1.0.7-1ubuntu1) devel; urgency=medium
.
* Merge from Debian. Remaining changes:
- Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
- When we have a proxy setting, we expect the CN to match
the proxy hostname, not the server hostname.
- d/p/90irc-ubuntu-com:
+ Add the Ubuntu network with irc.ubuntu.com as the server,
which is currently a CNAME for chat.freenode.net.
- d/p/03firsttimer_text:
+ Adapt 03firsttimer_text so it tells you about
connecting to Ubuntu and joining #ubuntu.
* Changes no longer needed:
- d/p/CVE-2018-xxxx.patch: Applied upstream.
.
irssi (1.0.7-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #886475):
From 1.0.6:
- Fix invalid memory access when reading hilight configuration
(#787, #788).
- Fix null pointer dereference when the channel topic is set
without specifying a sender [CVE-2018-5206]
- Fix return of random memory when using incomplete escape
codes [CVE-2018-5205]
- Fix heap buffer overflow when completing certain strings
[CVE-2018-5208]
- Fix return of random memory when using an incomplete
variable argument [CVE-2018-5207]
.
From 1.0.7:
- Prevent use after free error during the execution of some
commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
- Revert netsplit print optimisation due to crashes
- Fix use after free when SASL messages are received in
unexpected order [CVE-2018-7053] (closes: #890675)
- Fix null pointer dereference in the tab completion when an
empty nick is joined [CVE-2018-7050] (closes: #890678)
- Fix use after free when entering oper password
- Fix null pointer dereference when too many windows are
opened [CVE-2018-7052] (closes: #890676)
- Fix out of bounds access in theme strings when the last
escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
(closes: #890677)
- Fix out of bounds write when using negative counts on window
resize
- Minor help correction. By William Jackson
.
* Fix watch URL.
* Bump to debhelper compat 11, remove autotools-dev Build-Depends.
* Bump Standards-Version to 4.1.3.
* Add lintian overrides for the spelling of "hilight" in the changelog
mentioning the lintian overrides for the spelling of "hilight" in irssi
itself.
** Affects: irssi (Ubuntu)
Importance: Undecided
Status: New
--
Please merge the latest bug release, 1.0.7-1, from Debian
https://bugs.launchpad.net/bugs/1754781
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.