[Buildroot] [PATCH] irssi: security bump to version 1.0.4
Peter Korsgaard
peter at korsgaard.com
Wed Jul 19 13:51:04 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> From the advisory:
> https://irssi.org/security/irssi_sa_2017_07.txt
> Two vulnerabilities have been located in Irssi.
> (a) When receiving messages with invalid time stamps, Irssi would try
> to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
> of Geeknik Labs. (CWE-690)
> CVE-2017-10965 [2] was assigned to this bug
> (b) While updating the internal nick list, Irssi may incorrectly use
> the GHashTable interface and free the nick while updating it. This
> will then result in use-after-free conditions on each access of
> the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
> Labs. (CWE-416 caused by CWE-227)
> CVE-2017-10966 [3] was assigned to this bug
> Impact
> ------
> (a) May result in denial of service (remote crash).
> (b) Undefined behaviour.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.02.x and 2017.05.x, thanks.
--
Bye, Peter Korsgaard