Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 714086 (CVE-2020-9759, CVE-2020-9760)

Summary: <net-irc/weechat-2.7.1: Multiple vulnerabilities (CVE-2020-{9759,9760})
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: gyakovlev
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://weechat.org/doc/security/
See Also: https://bugs.gentoo.org/show_bug.cgi?id=709452
Whiteboard: B3 [glsa+ cve]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-23 16:53:38 UTC 
1) CVE-2020-9759
Description:
"An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash."

Patch: https://github.com/weechat/weechat/commit/9904cb6d2eb40f679d8ff6557c22d53a3e3dc75a

2) CVE-2020-9760
Description:
"An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick."

Patch: https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-23 16:55:39 UTC 
Note that CVE-2020-8955 (bug 709452) was patched in 2.7-r2 but the others were not in that bug so did not receive a patch.

@maintianer(s): please drop 2.7-r2 for cleanup and we're good. You can do a 2.7-r3 if you feel it is appropriate, but given 2.7.1 is already stable, it seems better to just drop the old one.
Comment 2 Larry the Git Cow gentoo-dev 2020-03-23 19:47:03 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8329f73882c3a757b26db8253041cc8d3c1b005

commit c8329f73882c3a757b26db8253041cc8d3c1b005
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2020-03-23 19:45:28 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2020-03-23 19:45:42 +0000

    net-irc/weechat: drop old
    
    Bug: https://bugs.gentoo.org/714086
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 net-irc/weechat/Manifest                      |   1 -
 net-irc/weechat/files/2.7-CVE-2020-8955.patch |  46 --------
 net-irc/weechat/weechat-2.7-r2.ebuild         | 158 --------------------------
 3 files changed, 205 deletions(-)
Comment 3 Georgy Yakovlev archtester gentoo-dev 2020-03-23 19:48:43 UTC 
no need to keep pre 2.7.1 versions. 2.7-r2 dropped.
please proceed.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-25 15:59:12 UTC 
New GLSA request filed.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2020-03-25 16:06:31 UTC 
This issue was resolved and addressed in
 GLSA 202003-51 at https://security.gentoo.org/glsa/202003-51
by GLSA coordinator Thomas Deutschmann (whissi).