| Summary: | <net-irc/weechat-1.9.1 crash caused by the use of an uninitialized buffer. | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | arthur, radhermit |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://weechat.org/download/security/ | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: | Runtime testing required: | --- | |
Adjusting the summary... 1.9.1 added to the tree and stabilized. (In reply to Tim Harder from comment #2) > 1.9.1 added to the tree and stabilized. Thank you. @Security please vote. Gentoo Security Padawan ChrisADR GLSA Vote: No |
from ${URL}: Date/time conversion specifiers are expanded after replacing buffer local variables in name of log files. In some cases, this can lead to an error in function strftime and a crash caused by the use of an uninitialized buffer. > Workaround: Unload the logger plugin: /plugin unload logger Reference: https://weechat.org/news/98/20170923-Version-1.9.1-security-release/ Patch: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556 @maintainer(s), after bump, please call for stabilization if needed, thank you Daj Uan (jmbailey/mbailey_J) Gentoo Security Padawan