Comment 1 Alex Legler (RETIRED) 2010-04-22 17:38:51 UTC

Fixing summary.
Sven: Please advise.

Comment 2 Alex Legler (RETIRED) 2010-04-22 17:39:16 UTC

CVE-2010-1155 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1155):
  Irssi before 0.8.15, when SSL is used, does not verify that the
  server hostname matches a domain name in the subject's Common Name
  (CN) field or a Subject Alternative Name field of the X.509
  certificate, which allows man-in-the-middle attackers to spoof IRC
  servers via an arbitrary certificate.

CVE-2010-1156 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1156):
  core/nicklist.c in Irssi before 0.8.15 allows remote attackers to
  cause a denial of service (NULL pointer dereference and application
  crash) via vectors related to an attempted fuzzy nick match at the
  instant that a victim leaves a channel.

Comment 3 Sven Wegener 2010-04-23 14:00:07 UTC

(In reply to comment #0)
> Sven, can 0.8.15 go stable?

Yes, I've been using it without problems since it has been commited.

Comment 4 Alex Legler (RETIRED) 2010-04-23 14:40:59 UTC

Arches, please test and mark stable:
=net-irc/irssi-0.8.15
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Comment 5 Jeroen Roovers (RETIRED) 2010-04-23 16:59:17 UTC

Stable for HPPA.

Comment 6 Tobias Heinlein (RETIRED) 2010-04-23 17:24:49 UTC

amd64 stable.

Comment 7 Thomas Kahle (RETIRED) 2010-04-23 18:07:14 UTC

All useflag combinations built,
net-irc/irssi-otr successfully built against it.
-> Looking good on x86.

Comment 8 Raúl Porcel (RETIRED) 2010-04-24 19:59:40 UTC

alpha/arm/ia64/s390/sh/sparc/x86 stable

Comment 9 Brent Baude (RETIRED) 2010-04-30 14:22:39 UTC

ppc done

Comment 10 Brent Baude (RETIRED) 2010-04-30 14:24:15 UTC

ppc64 done; closing as last arch

Comment 11 Tomás Touceda (RETIRED) 2010-04-30 14:34:08 UTC

This is a security bug, reopening.

Comment 12 Stefan Behte (RETIRED) 2010-08-01 13:33:10 UTC

Vote: no.

Comment 13 Tobias Heinlein (RETIRED) 2010-08-14 14:57:57 UTC

NO too, closing.