From https://bugzilla.redhat.com/show_bug.cgi?id=875181 : A buffer overflow can be exploited using IRC colors. The bug is fixed upstream: http://git.savannah.gnu.org/cgit/weechat.git/patch/?id=9453e81baa7935db82a0b765a47cba772aba730d
I have now bumped the weechat ebuild to version 0.3.9.1 that is supposed to include the fix for this vulnerability.
(In reply to comment #1)
> I have now bumped the weechat ebuild to version 0.3.9.1 that is supposed to
> include the fix for this vulnerability.

Thanks, Daniel. May we proceed with stabilization?
(In reply to comment #2)
> (In reply to comment #1)
> > I have now bumped the weechat ebuild to version 0.3.9.1 that is supposed to
> > include the fix for this vulnerability.
>
> Thanks, Daniel. May we proceed with stabilization?

Yes, I'm going to look some more into this and test it so we can proceed with stabilization.
CVE assignment: http://www.openwall.com/lists/oss-security/2012/11/12/2
https://savannah.nongnu.org/bugs/?37764 please bump 0.3.9.2
Bumped.
Arches, please test and mark stable: =net-irc/weechat-0.3.9.2
Target keywords: "amd64 ppc x86"
CVE-2012-5854 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5854): Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.
amd64 stable
stable ppc
x86 stable
GLSA draft ready for review.
CVE-2012-5534 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5534): The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
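The class of bug named in CVE-2012-5534 (shell metacharacters reaching a shell-expanded command) is easiest to see side by side with the safe pattern. The following is an added illustration written for this thread, not WeeChat's hook_process implementation or its fix: the input string, the function names and the use of `echo` as the spawned program are all constructed for the demonstration. The payload is deliberately harmless; it only prints an extra line.

```python
import shlex
import subprocess

# Constructed sample argument: a message that a plugin might pass through to a
# process. The "; echo INJECTED" tail is a shell metacharacter sequence.
SAMPLE_ARG = "hello; echo INJECTED"


def run_via_shell(arg: str) -> str:
    """Vulnerable pattern: string concatenation handed to /bin/sh.

    The shell parses the ';' and runs a second command that the caller never
    intended. Returns everything the shell printed.
    """
    return subprocess.run(
        "echo " + arg, shell=True, capture_output=True, text=True, check=False
    ).stdout


def run_argv(arg: str) -> str:
    """Safe pattern: argv list, no shell involved.

    execve receives the argument as one opaque byte string, so ';' is just a
    character in the text echo prints.
    """
    return subprocess.run(
        ["echo", arg], shell=False, capture_output=True, text=True, check=False
    ).stdout


def run_quoted_shell(arg: str) -> str:
    """Fallback when a shell is unavoidable: quote every untrusted token.

    shlex.quote() wraps the argument so the shell treats it as a single word.
    """
    return subprocess.run(
        "echo " + shlex.quote(arg), shell=True, capture_output=True, text=True,
        check=False,
    ).stdout


if __name__ == "__main__":
    print("shell=True, unquoted :", repr(run_via_shell(SAMPLE_ARG)))
    print("argv list            :", repr(run_argv(SAMPLE_ARG)))
    print("shell=True, quoted   :", repr(run_quoted_shell(SAMPLE_ARG)))
```

Run on a POSIX system, the first call prints two lines (`hello` and `INJECTED`) because the shell split the command at the semicolon; the other two print the argument verbatim as one line. The argv form is the preferred fix because it removes the shell from the call path entirely; quoting is a mitigation for cases where shell features are genuinely needed.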
This issue was resolved and addressed in GLSA 201405-03 at http://security.gentoo.org/glsa/glsa-201405-03.xml by GLSA coordinator Sean Amoss (ackle).