Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 714086 (CVE-2020-9759, CVE-2020-9760) - <net-irc/weechat-2.7.1: Multiple vulnerabilities (CVE-2020-{9759,9760})
Summary: <net-irc/weechat-2.7.1: Multiple vulnerabilities (CVE-2020-{9759,9760})
Status: RESOLVED FIXED
Alias: CVE-2020-9759, CVE-2020-9760
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://weechat.org/doc/security/
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-23 16:53 UTC by Sam James
Modified: 2020-03-25 16:06 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-03-23 16:53:38 UTC
1) CVE-2020-9759
Description:
"An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash."

Patch: https://github.com/weechat/weechat/commit/9904cb6d2eb40f679d8ff6557c22d53a3e3dc75a

2) CVE-2020-9760
Description:
"An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick."

Patch: https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f
Comment 1 Sam James archtester gentoo-dev Security 2020-03-23 16:55:39 UTC
Note that CVE-2020-8955 (bug 709452) was patched in 2.7-r2 but the others were not in that bug so did not receive a patch.

@maintianer(s): please drop 2.7-r2 for cleanup and we're good. You can do a 2.7-r3 if you feel it is appropriate, but given 2.7.1 is already stable, it seems better to just drop the old one.
Comment 2 Larry the Git Cow gentoo-dev 2020-03-23 19:47:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8329f73882c3a757b26db8253041cc8d3c1b005

commit c8329f73882c3a757b26db8253041cc8d3c1b005
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2020-03-23 19:45:28 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2020-03-23 19:45:42 +0000

    net-irc/weechat: drop old
    
    Bug: https://bugs.gentoo.org/714086
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 net-irc/weechat/Manifest                      |   1 -
 net-irc/weechat/files/2.7-CVE-2020-8955.patch |  46 --------
 net-irc/weechat/weechat-2.7-r2.ebuild         | 158 --------------------------
 3 files changed, 205 deletions(-)
Comment 3 Georgy Yakovlev gentoo-dev 2020-03-23 19:48:43 UTC
no need to keep pre 2.7.1 versions. 2.7-r2 dropped.
please proceed.
Comment 4 Thomas Deutschmann gentoo-dev Security 2020-03-25 15:59:12 UTC
New GLSA request filed.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2020-03-25 16:06:31 UTC
This issue was resolved and addressed in
 GLSA 202003-51 at https://security.gentoo.org/glsa/202003-51
by GLSA coordinator Thomas Deutschmann (whissi).