Your message dated Sun, 06 Aug 2017 12:32:10 +0000 with message-id <e1dekj4-0001ro...@fasolo.debian.org> and subject line Bug#867598: fixed in irssi 1.0.2-1+deb9u2 has caused the Debian Bug report #867598, regarding irssi: CVE-2017-10965 CVE-2017-10966 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 867598: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867598 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: irssi Version: 0.8.17-1 Severity: important Tags: upstream patch security fixed-upstream Hi, the following vulnerabilities were published for irssi. CVE-2017-10965[0]: | An issue was discovered in Irssi before 1.0.4. When receiving messages | with invalid time stamps, Irssi would try to dereference a NULL | pointer. CVE-2017-10966[1]: | An issue was discovered in Irssi before 1.0.4. While updating the | internal nick list, Irssi could incorrectly use the GHashTable | interface and free the nick while updating it. This would then result | in use-after-free conditions on each access of the hash table. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-10965 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965 [1] https://security-tracker.debian.org/tracker/CVE-2017-10966 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966 [2] https://irssi.org/security/irssi_sa_2017_07.txt [3] https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: irssi Source-Version: 1.0.2-1+deb9u2 We believe that the bug you reported is fixed in the latest version of irssi, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 867...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Rhonda D'Vine <rho...@debian.org> (supplier of updated irssi package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 03 Aug 2017 15:59:51 -0400 Source: irssi Binary: irssi irssi-dev Architecture: source amd64 Version: 1.0.2-1+deb9u2 Distribution: stretch Urgency: high Maintainer: Rhonda D'Vine <rho...@debian.org> Changed-By: Rhonda D'Vine <rho...@debian.org> Description: irssi - terminal based IRC client irssi-dev - terminal based IRC client - development files Closes: 867598 Changes: irssi (1.0.2-1+deb9u2) stretch; urgency=high . * Security related update pulling upstream 5e26325317 (closes: 867598): - Fix null pointer dereference (CVE-2017-10965) - Fix use-after-free condition for nicklist (CVE-2017-10966) Checksums-Sha1: adb9bb0dd1bba31c21457147e140516c9560b127 1938 irssi_1.0.2-1+deb9u2.dsc ff9c8d829431eba09e401ac4885ab651069a0a7f 20944 irssi_1.0.2-1+deb9u2.debian.tar.xz 8b376a9d7ce53bdef3be852d9a106e6b4c7d7abb 2943402 irssi-dbgsym_1.0.2-1+deb9u2_amd64.deb 87c281ff45a38929e0d7fe097417e9b839f91fa5 449468 irssi-dev_1.0.2-1+deb9u2_amd64.deb 4f8dd3fc55c4365f07a6f67c0d2f09b9a758d23f 6873 irssi_1.0.2-1+deb9u2_amd64.buildinfo c721728ad6e280c87cf07b93642babff124a6dda 1075880 irssi_1.0.2-1+deb9u2_amd64.deb Checksums-Sha256: 094de63b3e9bce8fc3fc185717cc55ed5647c6b3113dca85134c7eb00950fdd1 1938 irssi_1.0.2-1+deb9u2.dsc 56b90c5a4d4d37c28e1930df2e444f3e83b7f6a601701ba7d4cc8e63ea4e8c3a 20944 irssi_1.0.2-1+deb9u2.debian.tar.xz 01569712ea1bb69decceb49b855f28757ca6ca1f189c8f563dd14693cb7e0e71 2943402 irssi-dbgsym_1.0.2-1+deb9u2_amd64.deb d962ae1814ede60e3201f7e38592807986d39e13e503321ef302648dc1472d66 449468 irssi-dev_1.0.2-1+deb9u2_amd64.deb 030a42ae1bec084484f1e9ae166bfaeb4494160a122e1da9d6b3c36e3b86d677 6873 irssi_1.0.2-1+deb9u2_amd64.buildinfo b34038e8428654a03011f3abe55cbc0e8d07a15670aaf33a5fe8732e81eab475 1075880 irssi_1.0.2-1+deb9u2_amd64.deb Files: af33e66af4333672ed9c2efec46670c2 1938 net optional irssi_1.0.2-1+deb9u2.dsc c2201fb282d6382dc140f4671ca38bec 20944 net optional irssi_1.0.2-1+deb9u2.debian.tar.xz f23e4d19747dfdc5ff253bb58b5e446d 2943402 debug extra irssi-dbgsym_1.0.2-1+deb9u2_amd64.deb 6942922f5fcc1a4225e2e5a1100ad892 449468 net extra irssi-dev_1.0.2-1+deb9u2_amd64.deb 6c5530654c7327b0f281e405074f8b9c 6873 net optional irssi_1.0.2-1+deb9u2_amd64.buildinfo 45135836024ee46d025055a23def9377 1075880 net optional irssi_1.0.2-1+deb9u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEELHLzKO0XByBPs0mU3ugEPuF+uzAFAlmF3B4ACgkQ3ugEPuF+ uzDvzQ/9FeSpieDJ5S4GhvDFnV9LUBkHCul8l19RuRs84oMiuojBKmJrby9I4Ak+ oznxorHAk1C3fImC1+YyFriUyuquSVWhDtHgytbGtoZ8SjivjFO+sAt0eAGP+zkz OPcWcU27S3RZqL403xuzNHb3RC/1FWJGMignt4PkeTFBX80kiaqqmhfUnaMCzvTj 8+pxzpZBw75DqX18b+TAZydvBn6J5J/vSxkuvyRHRsJuUNJxhYyqEZDsLScOVi1I xBeW9t4yh7ebxGqc+rgEXoUzAe3QMyWaizslF54TcYc5nYZBzNmHRP/r1qH55gQ/ YajiWz2aTW4Vv3gmZCupcRkiw1z8fuJXGHUynPgZvPklwLNu9ygp/5wFudcLOC/t h/grbJ8w+wTb14m6fMnZJ/fkV3yHQDP973pKoR578Enazq8jb1hYUDYCHef810BV NpD5VTILd2h12cA36a3RO65hgGr+qmLhHZW8uteMCG7lcuEuUFTkTezo/tyY2yo7 1ngPwtz0OQLn2p8AFWwV1CU1pSg9lztUUifqj6dOSz0qKH96aKnWVRD2hSaT3YP5 37tZTX0l0ucXetTQvekyfvYIS0SPTB1rmKmI5WKDNE2Pm9pHD+AMbGItIZgY1aQY 46H1ID41Xj4JpXQOk1/cd8f8v3V6dhX/Qf8oITz44eCCnVPaVS8= =EwUS -----END PGP SIGNATURE-----
--- End Message ---
