On recommendation of Sébastien Helleu a.k.a. FlashCode on IRC Freenode
#weechat we should backport recent CVEs for 20.04 LTS:
$ gitlog v2.7..v2.7.1
5c0aa1aae 2020-02-20 20:45:08 +0100 N Sébastien Helleu Version 2.7.1
c827d6fa8 2020-02-14 08:14:31 +0100 N Sébastien Helleu irc: fix crash when
receiving a malformed message 352 (who)
694b5c9f8 2020-02-14 08:11:02 +0100 N Sébastien Helleu irc: fix crash when a
new message 005 is received with longer nick prefixes
51a739df6 2020-02-14 08:08:23 +0100 N Sébastien Helleu irc: fix crash when
receiving a malformed message 324 (channel mode) (CVE-2020-8955)
410a12b2a 2020-02-14 08:05:19 +0100 N Sébastien Helleu Version 2.7.1-dev
I've added them on top of my earlier patch for LP #1866065 ("weechat
python.so not linked against libpython3").
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-8955
** Patch added: "python3: correctly find and link against libpython3.8,
CVE-2020-8955"
https://bugs.launchpad.net/ubuntu/+source/weechat/+bug/1872425/+attachment/5353143/+files/lp1872425.debdiff
** Changed in: weechat (Ubuntu)
Status: New => In Progress
** Changed in: weechat (Ubuntu)
Assignee: (unassigned) => TJ (tj)
** Summary changed:
- CVEs: backport 2.7.1 CVEs to 20.04 weechat-2.6
+ CVE-2020-8955: backport 2.7.1 CVEs to 20.04 weechat-2.6
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872425
Title:
CVE-2020-8955: backport 2.7.1 CVEs to 20.04 weechat-2.6
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/weechat/+bug/1872425/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
