"An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash."
"An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick."
Note that CVE-2020-8955 (bug 709452) was patched in 2.7-r2 but the others were not in that bug so did not receive a patch.
@maintianer(s): please drop 2.7-r2 for cleanup and we're good. You can do a 2.7-r3 if you feel it is appropriate, but given 2.7.1 is already stable, it seems better to just drop the old one.
The bug has been referenced in the following commit(s):
Author: Georgy Yakovlev <email@example.com>
AuthorDate: 2020-03-23 19:45:28 +0000
Commit: Georgy Yakovlev <firstname.lastname@example.org>
CommitDate: 2020-03-23 19:45:42 +0000
net-irc/weechat: drop old
Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Georgy Yakovlev <email@example.com>
net-irc/weechat/Manifest | 1 -
net-irc/weechat/files/2.7-CVE-2020-8955.patch | 46 --------
net-irc/weechat/weechat-2.7-r2.ebuild | 158 --------------------------
3 files changed, 205 deletions(-)
no need to keep pre 2.7.1 versions. 2.7-r2 dropped.
New GLSA request filed.
This issue was resolved and addressed in
GLSA 202003-51 at https://security.gentoo.org/glsa/202003-51
by GLSA coordinator Thomas Deutschmann (whissi).