| Summary: | <net-irc/irssi-1.0.3: multiple vulnerabilities (CVE-2017-{9468,9469}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | monsieurp, swegener |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2017/06/06/4 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | net-irc/irssi-1.0.3 | | |
| Runtime testing required: | --- | | |
| Bug Depends on: | 624100 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2017-06-08 07:42:02 UTC
Hi! @Security: the package is indeed already in the tree and ready for stabilisation. @Arch teams: please mark stable ASAP net-irc/irssi-1.0.3. Thanks!

To make things happen faster I suggest to populate 'Package list' field.

ia64 stable

amd64 stable

x86 stable

CVE-2017-9469 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9469): In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.

CVE-2017-9468 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9468): In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.

Stable on alpha.

ppc stable

ppc64 stable

arm stable

sparc stable