[Secure-testing-team] Bug#864400: irssi: CVE-2017-9468 CVE-2017-9469
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 8 05:28:18 UTC 2017
Source: irssi
Version: 0.8.17-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for irssi.
CVE-2017-9468[0]:
| In Irssi before 1.0.3, when receiving a DCC message without source
| nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC
| servers can cause a crash.
CVE-2017-9469[1]:
| In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC
| files, it tries to find the terminating quote one byte before the
| allocated memory. Thus, remote attackers might be able to cause a
| crash.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468
[1] https://security-tracker.debian.org/tracker/CVE-2017-9469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469
[2] https://irssi.org/security/irssi_sa_2017_06.txt
[3] https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
Regards,
Salvatore
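
Added example, not part of the original message and not Irssi's own code: the two defensive checks that the CVE descriptions above call for, written in C. It assumes the off-by-one comes from indexing the last byte of an empty token; the function names, the space-split token layout and the sample tokens are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed token lists (not captured traffic): a DCC argument string
 * split on spaces, so consecutive spaces yield empty tokens. */
static const char *const sample_ok[] = { "\"my", "file.txt\"", "3232235777", "5000", "1024" };
static const char *const sample_gap[] = { "\"", "", "name\"", "3232235777" };
static const char *const sample_open[] = { "\"my", "", "file", "5000" };

/* 1 if tok is non-empty and ends in '"'. Without the len > 0 test an empty
 * token makes tok[len - 1] read tok[-1], one byte before the buffer. */
static int ends_with_quote(const char *tok)
{
    size_t len = tok != NULL ? strlen(tok) : 0;
    return len > 0 && tok[len - 1] == '"';
}

/* Number of leading tokens forming a quoted file name, or 0 when
 * params[0] opens no quote or no later token closes it. */
int quoted_name_tokens(const char *const *params, int count)
{
    int pos;

    if (params == NULL || count <= 0 || params[0] == NULL || params[0][0] != '"')
        return 0;
    for (pos = 0; pos < count; pos++) {
        if (pos == 0 && params[0][1] == '\0')
            continue; /* a lone '"' opens the quote, it does not close it */
        if (ends_with_quote(params[pos]))
            return pos + 1;
    }
    return 0;
}

/* CVE-2017-9468 class: refuse a DCC request that has no source nick/host
 * instead of dereferencing the missing pointer. */
int dcc_source_present(const char *nick, const char *host)
{
    return nick != NULL && host != NULL;
}

int main(void)
{
    printf("%d %d %d\n", quoted_name_tokens(sample_ok, 5),
           quoted_name_tokens(sample_gap, 4), quoted_name_tokens(sample_open, 4));
    printf("%d\n", dcc_source_present(NULL, NULL));
    return 0;
}
```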