Your message dated Thu, 8 Jun 2017 16:14:34 +0200 with message-id <[email protected]> and subject line 1.0.3-1 uploaded has caused the Debian Bug report #864400, regarding irssi: CVE-2017-9468 CVE-2017-9469 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 864400: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864400 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: irssi Version: 0.8.17-1 Severity: important Tags: security upstream patch Hi, the following vulnerabilities were published for irssi. CVE-2017-9468[0]: | In Irssi before 1.0.3, when receiving a DCC message without source | nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC | servers can cause a crash. CVE-2017-9469[1]: | In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC | files, it tries to find the terminating quote one byte before the | allocated memory. Thus, remote attackers might be able to cause a | crash. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468 [1] https://security-tracker.debian.org/tracker/CVE-2017-9469 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469 [2] https://irssi.org/security/irssi_sa_2017_06.txt [3] https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55 Regards, Salvatore
--- End Message ---
--- Begin Message ---Version: 1.0.3-1 Hi, sorry, only saw this bugreport after I uploaded the package. I got notified by upstream already and we weren't even aware that CVEs got assigned. :) My bad, will look into the BTS next time before I upload. I plan to push the referenced commit to stretch, jessie, and potentially also wheezy. It might just take me a bit. Enjoy, Rhonda -- Fühlst du dich mutlos, fass endlich Mut, los | Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang Fühlst du dich haltlos, such Halt und lass los |
--- End Message ---

