Your message dated Sat, 24 Jun 2017 21:18:21 +0000
with message-id <[email protected]>
and subject line Bug#864400: fixed in irssi 0.8.17-1+deb8u4
has caused the Debian Bug report #864400,
regarding irssi: CVE-2017-9468 CVE-2017-9469
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
864400: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864400
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: irssi
Version: 0.8.17-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for irssi.
CVE-2017-9468[0]:
| In Irssi before 1.0.3, when receiving a DCC message without source
| nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC
| servers can cause a crash.
CVE-2017-9469[1]:
| In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC
| files, it tries to find the terminating quote one byte before the
| allocated memory. Thus, remote attackers might be able to cause a
| crash.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468
[1] https://security-tracker.debian.org/tracker/CVE-2017-9469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469
[2] https://irssi.org/security/irssi_sa_2017_06.txt
[3]
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: irssi
Source-Version: 0.8.17-1+deb8u4
We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated irssi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 17 Jun 2017 15:13:05 +0200
Source: irssi
Binary: irssi irssi-dbg irssi-dev
Architecture: source
Version: 0.8.17-1+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Rhonda D'Vine <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 864400
Description:
irssi - terminal based IRC client
irssi-dbg - terminal based IRC client (debugging symbols)
irssi-dev - terminal based IRC client - development files
Changes:
irssi (0.8.17-1+deb8u4) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix dcc_request where addr is NULL (CVE-2017-9468) (Closes: #864400)
* Fix oob read of one byte in get_file_params_count{,_resume}
(CVE-2017-9469) (Closes: #864400)
Checksums-Sha1:
72097f2a00b72f26a57778885f1300c826ee5799 2151 irssi_0.8.17-1+deb8u4.dsc
69091fdedd800e34e98475e4bfb6d2340c3e88d7 24255 irssi_0.8.17-1+deb8u4.diff.gz
Checksums-Sha256:
05862e55cf35e9fc1c1751de60c7af20836ee504699d092dfee10c6c75813524 2151
irssi_0.8.17-1+deb8u4.dsc
80bb9e97b6208f7df1bc79b9e7356731b159d95e0c72899d6ec98a0769c904c2 24255
irssi_0.8.17-1+deb8u4.diff.gz
Files:
3ceb3714ba0e414e39b4f62d91946fcf 2151 net optional irssi_0.8.17-1+deb8u4.dsc
4cbc25dc50ad7c20717fb292bc4eb4e6 24255 net optional
irssi_0.8.17-1+deb8u4.diff.gz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllFXL1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EzYYP/2pL4GFc6e2rIRCt+SjsyocqPr624EBU
kjXdlhB6C8QZDSH1aa0tf9BcBu91Mir/OGXPu8ARcXbIOB16VtwcZfUxMgD7h29n
wvyLNZFaDucEtsjRJ8dYUqTE3mJQeQbylcxtFN0xhFIsu7xXi4loiC0IC88OEGI9
H5wQK4Zsuj0VSTmh8B1owBSac9Jt1QJTUlM/vS1CiiyJNmaxW+kUtbPn+4lk92++
VJZkhqP2T6BvslXNYXHAQ1cCRlFc6abNwLRJV2vL6mLaOx+Mscj0c6CmZt9asKh6
HiztwMhQ6emfV2womMdSX37zq+b2ZeDAG+gtmnVSKUMOeXmfg5LKFvspdauUtb8B
EWqUaDyDsQlIiC5z+YXU+9q+YpHvr3ItaOw7Du+OYoamL9L6Zu7HysGkoHUh72Zy
DzZXlcOKNk4YX/ZVLbvVkMne7sInr+gAzxpgC6rqYid/xGcHeZyvVumFrN8gbnYp
ZQTz97kGb6p3bArFQDfWw6uYNygdamkQXiQYB0B3v3SErBxWoU7HBl1cWwUUnQ1w
wk8qfGxXQrFUyEloGIL2EFPWoF8WNUP7Rd/CWKH4J7l/Dk09bmsksS/TS7odApur
cPbxrSrAxeHh6QU75EVfFg7PvI2hmRlJzEjQ3mGgeQXq4K9RFPgetYqs4/KqA9Jc
YAfh+YW5q57I
=PL6Y
-----END PGP SIGNATURE-----
--- End Message ---