Your message dated Wed, 12 Jul 2017 06:35:06 +0000
with message-id <e1dvbeo-000fef...@fasolo.debian.org>
and subject line Bug#867598: fixed in irssi 1.0.4-1
has caused the Debian Bug report #867598,
regarding irssi: CVE-2017-10965 CVE-2017-10966
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867598: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867598
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: irssi
Version: 0.8.17-1
Severity: important
Tags: upstream patch security fixed-upstream

Hi,

the following vulnerabilities were published for irssi.

CVE-2017-10965[0]:
| An issue was discovered in Irssi before 1.0.4. When receiving messages
| with invalid time stamps, Irssi would try to dereference a NULL
| pointer.

CVE-2017-10966[1]:
| An issue was discovered in Irssi before 1.0.4. While updating the
| internal nick list, Irssi could incorrectly use the GHashTable
| interface and free the nick while updating it. This would then result
| in use-after-free conditions on each access of the hash table.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10965
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965
[1] https://security-tracker.debian.org/tracker/CVE-2017-10966
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966
[2] https://irssi.org/security/irssi_sa_2017_07.txt
[3] https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: irssi
Source-Version: 1.0.4-1

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rhonda D'Vine <rho...@debian.org> (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 11 Jul 2017 07:17:19 +0200
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.4-1
Distribution: unstable
Urgency: high
Maintainer: Rhonda D'Vine <rho...@debian.org>
Changed-By: Rhonda D'Vine <rho...@debian.org>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 867598
Changes:
 irssi (1.0.4-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #867598):
     - Fix null pointer dereference when parsing invalid timestamp.
       Reported by Brian 'geeknik' Carpenter. [CVE-2017-10965]
     - Fix use-after-free condition when removing nicks from the internal
       nicklist. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10966]
     - Fix incorrect string comparison in DCC file names.
     - Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'".
     - Fix a bug when using \n to separate lines with expand_escapes.
     - Retain screen output on improper exit, to better see any error
       messages.
     - Minor help update.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
