[Secure-testing-team] Bug#876553: weechat: crash in logger plugin when converting date/time specifiers in file mask
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 23 16:52:28 UTC 2017
Source: weechat
Version: 1.9-1
Severity: important
Tags: security upstream
Hi
See https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
Date/time conversion specifiers are expanded after replacing buffer
local variables in name of log files. In some cases, this can lead to
an error in function strftime and a crash caused by the use of an
uninitialized buffer.
https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
A CVE has not yet been assigned.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list