Bug 616634 (CVE-2017-8073) - <net-irc/weechat-1.7.1: Buffer overflow in the irc_ctcp_dcc_filename_without_quotes function
Status: RESOLVED FIXED
Alias: CVE-2017-8073
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 596074
Blocks:
Reported: 2017-04-26 07:59 UTC by Agostino Sarubbo
Modified: 2017-10-20 02:27 UTC

See Also:
Package list:
net-irc/weechat-1.7.1 dev-ruby/asciidoctor-1.5.5-r1 dev-scheme/guile-2.0.14-r2 dev-ruby/asciimath-1.0.4 dev-ruby/haml-4.0.7-r1 dev-ruby/slim-3.0.7-r1 dev-ruby/rails-4.2.8
Runtime testing required: ---
stable-bot: sanity-check-


Description Agostino Sarubbo gentoo-dev 2017-04-26 07:59:13 UTC
From ${URL} :

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.

Upstream patch:

https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b

External References:

https://weechat.org/download/security/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
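
An added example, not part of the original report and not WeeChat's code or the upstream patch: one way to remove surrounding quotes from a received filename so that short inputs (an empty string, a lone quote) never produce an out-of-range copy length. The names `strip_surrounding_quotes` and `strips_to` and all sample inputs are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not WeeChat's function: returns a newly allocated copy
 * of `filename` with one pair of surrounding double quotes removed.
 * Returns NULL on NULL input or allocation failure; the caller frees it. */
char *strip_surrounding_quotes(const char *filename)
{
    size_t length, copy_len;
    const char *start = filename;
    char *result;

    if (!filename)
        return NULL;
    length = copy_len = strlen(filename);

    /* Strip only when two distinct quote characters exist. For length 0 or 1
     * (for example a lone '"'), "length - 2" would wrap around as size_t or
     * go negative as int, so such input is copied unchanged. */
    if (length >= 2 && filename[0] == '"' && filename[length - 1] == '"') {
        start = filename + 1;
        copy_len = length - 2;
    }

    result = malloc(copy_len + 1);
    if (!result)
        return NULL;
    memcpy(result, start, copy_len);
    result[copy_len] = '\0';
    return result;
}

/* Returns 1 when stripping `input` yields exactly `expected`. */
int strips_to(const char *input, const char *expected)
{
    char *out = strip_surrounding_quotes(input);
    int ok = (out != NULL) && strcmp(out, expected) == 0;
    free(out);
    return ok;
}

int main(void)
{
    /* Constructed inputs: a lone quote and an empty string stay unchanged. */
    printf("%d %d %d\n", strips_to("\"a b.txt\"", "a b.txt"),
           strips_to("\"", "\""), strips_to("", ""));
    return 0;
}
```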
Comment 1 Tim Harder gentoo-dev 2017-04-26 08:03:49 UTC
It's already in the tree, feel free to stabilize it (x86 will need more deps keyworded as bug #596074 is lagging).
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2017-04-28 07:22:35 UTC
Arches, please test and mark stable:

=net-irc/weechat-1.7.1

Target Keywords : "amd64 x86"

Thank you!
Comment 3 Stabilization helper bot gentoo-dev 2017-05-05 01:00:39 UTC
An automated check of this bug failed - repoman reported dependency errors (51 lines truncated): 

> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-scheme/guile-2.0', '>=dev-ruby/asciidoctor-1.5.4']
> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-scheme/guile-2.0']
> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-scheme/guile-2.0', '>=dev-ruby/asciidoctor-1.5.4']
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-04 23:03:24 UTC
*Retry*
Comment 5 Stabilization helper bot gentoo-dev 2017-06-05 00:00:41 UTC
An automated check of this bug failed - repoman reported dependency errors (51 lines truncated): 

> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-scheme/guile-2.0', '>=dev-ruby/asciidoctor-1.5.4']
> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-scheme/guile-2.0']
> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-scheme/guile-2.0', '>=dev-ruby/asciidoctor-1.5.4']
Comment 6 Stabilization helper bot gentoo-dev 2017-06-05 11:01:01 UTC
An automated check of this bug failed - repoman reported dependency errors (29 lines truncated): 

> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['dev-ruby/asciimath[ruby_targets_ruby21]', 'dev-ruby/haml[ruby_targets_ruby21]', 'dev-ruby/slim[ruby_targets_ruby21]', 'dev-ruby/asciimath[ruby_targets_ruby22]', 'dev-ruby/haml[ruby_targets_ruby22]', 'dev-ruby/slim[ruby_targets_ruby22]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['dev-ruby/asciimath[ruby_targets_ruby21]', 'dev-ruby/haml[ruby_targets_ruby21]', 'dev-ruby/slim[ruby_targets_ruby21]', 'dev-ruby/asciimath[ruby_targets_ruby22]', 'dev-ruby/haml[ruby_targets_ruby22]', 'dev-ruby/slim[ruby_targets_ruby22]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/gnome) ['dev-ruby/asciimath[ruby_targets_ruby21]', 'dev-ruby/haml[ruby_targets_ruby21]', 'dev-ruby/slim[ruby_targets_ruby21]', 'dev-ruby/asciimath[ruby_targets_ruby22]', 'dev-ruby/haml[ruby_targets_ruby22]', 'dev-ruby/slim[ruby_targets_ruby22]']
Comment 7 Stabilization helper bot gentoo-dev 2017-06-05 15:02:04 UTC
An automated check of this bug failed - repoman reported dependency errors (87 lines truncated): 

> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt[ruby_targets_ruby21]', 'dev-ruby/tilt[ruby_targets_ruby22]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby21]', '>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby21]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby21]', '>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby21]', '>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby21]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['dev-ruby/rails:4.2[ruby_targets_ruby21]', 'dev-ruby/rails:4.2[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['dev-ruby/rails:4.2[ruby_targets_ruby21]', 'dev-ruby/rails:4.2[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/gnome) ['dev-ruby/rails:4.2[ruby_targets_ruby21]', 'dev-ruby/rails:4.2[ruby_targets_ruby22]']
Comment 8 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-26 20:22:21 UTC
Tested on amd64, weechat works well. The deps problems come with the "doc" USE flag, which depends on asciidoctor and a lot of other dev-ruby packages that need to be tested.

@Arches please consider disabling doc flag until all the ruby deps can be solved.


Gentoo Security Padawan
ChrisADR
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2017-08-28 22:59:37 UTC
hmm, haml wants rails as well (which was dropped to the testing branch some time ago).

@ruby, how should we proceed?
Comment 10 Stabilization helper bot gentoo-dev 2017-08-29 00:00:35 UTC
An automated check of this bug failed - the following atom is unknown:

dev-scheme/guile-2.0.14

Please verify the atom list.
Comment 11 Stabilization helper bot gentoo-dev 2017-08-29 01:02:09 UTC
An automated check of this bug failed - repoman reported dependency errors (116 lines truncated): 

> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt[ruby_targets_ruby22]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: RDEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
Comment 12 Stabilization helper bot gentoo-dev 2017-08-30 00:01:31 UTC
An automated check of this bug failed - repoman reported dependency errors (116 lines truncated): 

> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt[ruby_targets_ruby22]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: RDEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
Comment 13 Hans de Graaff gentoo-dev Security 2017-09-02 07:27:00 UTC
(In reply to Mikle Kolyada from comment #9)
> hmm, haml wants rails as well (which was dropped to the testing branch some
> time ago).
> 
> @ruby, how should we proceed?

The ruby team currently doesn't have the man-power to handle stable rails versions, see bug 574490. Even if we did it would take weeks to get the huge set of packages together.

Probably best to use.stable.package.mask the doc USE flag.
Comment 14 Tim Harder gentoo-dev 2017-09-02 12:09:09 UTC
I'll ask upstream to just generate the docs in their release tarballs so we don't even have this issue in the future.
Comment 15 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-10 04:06:33 UTC

https://github.com/weechat/weechat/issues/1062

The issue was closed; maybe it is time to reconsider masking the doc flag to be able to close the report.

Gentoo Security Padawan
ChrisADR
Comment 16 Tim Harder gentoo-dev 2017-09-11 05:17:51 UTC
(In reply to Christopher Díaz from comment #15)
> The issue was closed; maybe it is time to reconsider masking the doc flag to
> be able to close the report.
> 
> Gentoo Security Padawan
> ChrisADR

Relevant USE flags now masked or stable masked and 1.9 stabilized for amd64 and x86 in the tree.
Comment 17 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-11 05:36:06 UTC
(In reply to Tim Harder from comment #16)
> 
> Relevant USE flags now masked or stable masked and 1.9 stabilized for amd64
> and x86 in the tree.

Thank you very much. Tree is clean now.

@Security please add to an existing glsa or file a new one.

Gentoo Security Padawan
ChrisADR
Comment 18 Aaron Bauman (RETIRED) gentoo-dev 2017-09-17 20:21:44 UTC
Downgraded due to remote crash.

GLSA Vote: No