[Secure-testing-team] Bug#853282: bitlbee: Incomplete fix for "Null pointer dereference with file transfer request from unknown contacts" issue
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 31 07:37:01 UTC 2017
Package: bitlbee
Version: --src
Severity: important
Tags: upstream security patch
Hi
The fix applied for upstream bug https://bugs.bitlbee.org/ticket/1282
was incomplete and resulted in the followup:
https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
Details in: http://www.openwall.com/lists/oss-security/2017/01/30/4
(which will probably result in three CVEs for bitlbee, I will update
the security tracker once assigned).
Regards,
Salvatore
More information about the Secure-testing-team
mailing list