[Secure-testing-team] Bug#861121: weechat: CVE-2017-8073
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 24 19:37:55 UTC 2017
Source: weechat
Version: 1.0.1-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for weechat.
CVE-2017-8073[0]:
| WeeChat before 1.7.1 allows a remote crash by sending a filename via
| DCC to the IRC plugin. This occurs in the
| irc_ctcp_dcc_filename_without_quotes function during quote removal,
| with a buffer overflow.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073
[1] https://weechat.org/news/95/20170422-Version-1.7.1/
[2] https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
Regards,
Salvatore
More information about the Secure-testing-team
mailing list