Multiple OOB reads:

* Fix oob read caused by ptr[0] being NULL in inbound_notice
  Patch: https://github.com/hexchat/hexchat/commit/f4a592c4f0364d35068bca9f2634946750340356
* Fix out of bounds read when DCC message sender contains quotes (unlikely to be triggerable by another user?)
  Patch: https://github.com/hexchat/hexchat/commit/f6333b592b0d574d68e96d04a09a6cae956ee6c3
* Fix possible out of bounds read when being ctcp flooded (unlikely to be triggerable by another user?)
  Patch: https://github.com/hexchat/hexchat/commit/6e4fc09ce005db965523ef8930ea51ca429815a2
* Fix oob read in ctcp_check
  Patch: https://github.com/hexchat/hexchat/commit/a3db4e577307742965f5ba75daf03146164bd211

----

Several other memcpy fixes were included and general memory handling was improved in this release.

Fixed in 2.14.0, stabilisation occurred in bug 715996.

Thanks to Polynomial-C for fixing this and stabilising on IRC before I had a chance to file formally!
@maintainer(s), please clean up. Thanks again for sorting this out via IRC before you had full details. It is appreciated.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fb1874f5ac33882ae1cad2c991bceb0e9620b1c

commit 9fb1874f5ac33882ae1cad2c991bceb0e9620b1c
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-04-08 08:39:02 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-04-08 08:39:02 +0000

    net-irc/hexchat: Security cleanup

    Bug: https://bugs.gentoo.org/716666
    Package-Manager: Portage-2.3.97, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-irc/hexchat/Manifest                        |   3 -
 .../files/hexchat-2.12.4-configure.ac.patch     | 319 ---------------------
 .../hexchat/files/hexchat-2.12.4-libressl.patch |  29 --
 net-irc/hexchat/hexchat-2.12.4-r2.ebuild        | 132 ---------
 net-irc/hexchat/hexchat-2.14.1.ebuild           | 135 ---------
 net-irc/hexchat/hexchat-2.14.2.ebuild           | 137 ---------
 6 files changed, 755 deletions(-)
GLSA Vote: No

Repository is clean, all done!