Your message dated Sat, 18 Nov 2017 22:18:55 +0000
with message-id <e1egbrv-0005se...@fasolo.debian.org>
and subject line Bug#879521: fixed in irssi 0.8.17-1+deb8u5
has caused the Debian Bug report #879521,
regarding irssi: multiple vulnerabilities fixed in irssi 1.0.5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879521: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879521
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: irssi
Severity: grave
Tags: security
Justification: user security hole

Hi,

irssi 1.0.5 has been released, fixing multiple vulnerabilities

(a) When installing themes with unterminated colour formatting
    sequences, Irssi may access data beyond the end of the
    string. (CWE-126) Found by Hanno Böck.

    CVE-2017-15228 was assigned to this issue.

(b) While waiting for the channel synchronisation, Irssi may
    incorrectly fail to remove destroyed channels from the query list,
    resulting in use after free conditions when updating the state
    later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672)

    CVE-2017-15227 was assigned to this issue.

(c) Certain incorrectly formatted DCC CTCP messages could cause NULL
    pointer dereference. Found by Joseph Bisch. This is a separate,
    but similar issue to CVE-2017-9468. (CWE-690)

    CVE-2017-15721 was assigned to this issue.

(d) Overlong nicks or targets may result in a NULL pointer dereference
    while splitting the message. Found by Joseph Bisch. (CWE-690)

    CVE-2017-15723 was assigned to this issue.

(e) In certain cases Irssi may fail to verify that a Safe channel ID
    is long enough, causing reads beyond the end of the string. Found
    by Joseph Bisch. (CWE-126)

    CVE-2017-15722 was assigned to this issue.

Can you prepare updates for sid, stretch and jessie (please coordinate with 
security team at t...@security.debian.org for the latter two)? Please add CVE 
numbers to the changelog so we can track them easily.

Regards,
-- 
Yves-Alexis
Debian security team

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message ---
Source: irssi
Source-Version: 0.8.17-1+deb8u5

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Nov 2017 22:57:01 +0100
Source: irssi
Binary: irssi irssi-dbg irssi-dev
Architecture: source
Version: 0.8.17-1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Rhonda D'Vine <rho...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 867598 879521
Description: 
 irssi      - terminal based IRC client
 irssi-dbg  - terminal based IRC client (debugging symbols)
 irssi-dev  - terminal based IRC client - development files
Changes:
 irssi (0.8.17-1+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address IRSSI-SA-2017-07.
     - CVE-2017-10965: NULL pointer dereference when receiving messages
       with invalid timestamp.
     - CVE-2017-10966: Use after free after nicklist structure has been
       corrupted while updating a nick group.
     (Closes: #867598)
   * Address IRSSI-SA-2017-10.
     - CVE-2017-15228: Unterminated colour formatting sequences may cause
       data access beyond the end of the buffer.
     - CVE-2017-15227: Failure to remove destroyed channels from
       the query list while waiting for the channel synchronisation
       may result in use after free conditions when updating the
       state later on.
     - CVE-2017-15721: Certain incorrectly formatted DCC CTCP messages
       could cause NULL pointer dereference.
     - CVE-2017-15723: Overlong nicks or targets may result in a NULL
       pointer dereference while splitting the message.
     - CVE-2017-15722: Read beyond end of buffer may occur if a Safe
       channel ID is not long enough.
     (Closes: #879521)


--- End Message ---