Your message dated Sat, 24 Jun 2017 14:48:09 +0000
with message-id <[email protected]>
and subject line Bug#864400: fixed in irssi 1.0.2-1+deb9u1
has caused the Debian Bug report #864400,
regarding irssi: CVE-2017-9468 CVE-2017-9469
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
864400: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864400
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: irssi
Version: 0.8.17-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for irssi.
CVE-2017-9468[0]:
| In Irssi before 1.0.3, when receiving a DCC message without source
| nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC
| servers can cause a crash.
CVE-2017-9469[1]:
| In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC
| files, it tries to find the terminating quote one byte before the
| allocated memory. Thus, remote attackers might be able to cause a
| crash.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468
[1] https://security-tracker.debian.org/tracker/CVE-2017-9469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469
[2] https://irssi.org/security/irssi_sa_2017_06.txt
[3]
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: irssi
Source-Version: 1.0.2-1+deb9u1
We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated irssi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 17 Jun 2017 15:21:44 +0200
Source: irssi
Binary: irssi irssi-dev
Architecture: source
Version: 1.0.2-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Rhonda D'Vine <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 864400
Description:
irssi - terminal based IRC client
irssi-dev - terminal based IRC client - development files
Changes:
irssi (1.0.2-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix dcc_request where addr is NULL (CVE-2017-9468) (Closes: #864400)
* Fix oob read of one byte in get_file_params_count{,_resume}
(CVE-2017-9469) (Closes: #864400)
Checksums-Sha1:
ee91c41113c7491f34284d1b401dad40251ae347 2093 irssi_1.0.2-1+deb9u1.dsc
37d2e6bd58554204d142acbeff67d9aea70d7305 1027912 irssi_1.0.2.orig.tar.xz
af02e99f1622fd7e5beea72d4176e8f80d5850cd 20168
irssi_1.0.2-1+deb9u1.debian.tar.xz
Checksums-Sha256:
05f42c0787592660a27ce15e3bdf0b419327e11a0a2d5bb2cac7d43c7ff00fca 2093
irssi_1.0.2-1+deb9u1.dsc
5c1c3cc2caf103aad073fadeb000e0f8cb3b416833a7f43ceb8bd9fcf275fbe9 1027912
irssi_1.0.2.orig.tar.xz
866aa2c098a5e4b7e6dde821447ea6fcb86ccd12e249ad5b0a3569e77ed27a1b 20168
irssi_1.0.2-1+deb9u1.debian.tar.xz
Files:
b1bb12c8dd0ad9b5bccfe2b7e3fbeff6 2093 net optional irssi_1.0.2-1+deb9u1.dsc
6de949527c07f0930f0c6c95a8d8b99a 1027912 net optional irssi_1.0.2.orig.tar.xz
097eca72020c6fcdd212d6c95440cda9 20168 net optional
irssi_1.0.2-1+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllFXmZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EGLwQAJzs1Ev5HZpMEQlobLnEb0EZKuz6Vw/d
xmddPy0ulCvGHyX2CQFS8Mx5sz1KNhha9e8yWBg3i9+tZwQ0rZyEnq5plTF+ByZ8
7r7y3vgxpNFLzV/qB0LEeCfGXZJkSjOvg/5elBBppETKnw3KXPDCQTBI7RAuMmKP
CXY21tB3omBwpuCJVJwy+sp15mhru9jUrinKe9qx7GRXGbzAxmHNvjfYZANOiQFi
Fn+gJqW2uKum+/QwI8TXX7KytRGU6vXhL7LDQN1sffZdI9B93+EGuK+lFlUGCIW2
Q0JOVCKc1jxZRmiyE469Cf4yej6LfS+0UHq1ILQ3meAQwl5lfn0afu7roK8KjKod
T/S1lTtcoJoswQOXPi3+h6003FDQLJW8UiIZsvV31UNNAzkum9DsgCP9nkkvnt88
hDefDcoTNVeicY/5n4+JsiJ8wQLtOmdsKsksBJ94SqMo3qfXS+fG1oQzxaVjBZGO
m1OPeNg9KufqIH71ah0njtIOLr3IZM+Smjm59lK5qZ7OXC4ORO2NEftMuV8C4YP7
Tkhu9WXmqtCxnt58N6FK/SgsVKD5PP63POw8/PfgenpdPP6SiM42o8GkzjsVA/n2
ZHQlJjQaSlmhyg+NrbsXrR4OzRPzx/ycdBfTGWQK1+8nXwPoUeheKsKJ8yUqtPub
TpPWUZgEuH2r
=joEF
-----END PGP SIGNATURE-----
--- End Message ---