Your message dated Sat, 23 Sep 2017 21:39:20 +0000
with message-id <[email protected]>
and subject line Bug#876553: fixed in weechat 1.9.1-1
has caused the Debian Bug report #876553,
regarding weechat: CVE-2017-14727: crash in logger plugin when converting
date/time specifiers in file mask
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
876553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876553
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: weechat
Version: 1.9-1
Severity: important
Tags: security upstream
Hi
See https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
Date/time conversion specifiers are expanded after replacing buffer
local variables in name of log files. In some cases, this can lead to
an error in function strftime and a crash caused by the use of an
uninitialized buffer.
https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
A CVE has not yet been assigned.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: weechat
Source-Version: 1.9.1-1
We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bouthenot <[email protected]> (supplier of updated weechat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 23 Sep 2017 21:47:32 +0200
Source: weechat
Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc
weechat-dev
Architecture: source amd64 all
Version: 1.9.1-1
Distribution: unstable
Urgency: medium
Maintainer: Emmanuel Bouthenot <[email protected]>
Changed-By: Emmanuel Bouthenot <[email protected]>
Description:
weechat - Fast, light and extensible chat client (metapackage)
weechat-core - Fast, light and extensible chat client - core files
weechat-curses - Fast, light and extensible chat client - console client
weechat-dev - Fast, light and extensible chat client - development headers
weechat-doc - Fast, light and extensible chat client - documentation
weechat-plugins - Fast, light and extensible chat client - plugins
Closes: 876553
Changes:
weechat (1.9.1-1) unstable; urgency=medium
.
* New upstream release
- CVE-2017-14727 - Include a patch which fix a possible crash in logger
plugin (Closes: #876553)
* Disable build of javascript plugin to fix weechat autoremoval from
testing (RC bugs in libv8)
* Bump Standards-Version to 4.1.0
Checksums-Sha1:
c2eebae2a6825add32a6e35d9cae24ae7705e39a 2351 weechat_1.9.1-1.dsc
caebc05c4a8627625d2688534fbba624555e5a8e 2658824 weechat_1.9.1.orig.tar.bz2
866986d23f47bd81aa7a8c8ddce5a2e3e41d80e0 15348 weechat_1.9.1-1.debian.tar.xz
102a3af6bd7beeee30098b1e3fd8f25650359561 724044
weechat-core-dbgsym_1.9.1-1_amd64.deb
69c77bd747853921582f5eebd581513de7b62a27 735734 weechat-core_1.9.1-1_amd64.deb
9478883891bbaefbb70578cd5050ccbd8ceb93ad 1107054
weechat-curses-dbgsym_1.9.1-1_amd64.deb
b9c22e3e52a3a1f4dea94f307f1beb4c2ea4d9f6 410226
weechat-curses_1.9.1-1_amd64.deb
e9979e6c0bee5ea509a2d50c71bef5c61ee9ad83 70372 weechat-dev_1.9.1-1_all.deb
f8d4fc1021e98d4dc6a071e956fe88a1063dc230 860976 weechat-doc_1.9.1-1_all.deb
89270b66599cd446c04a489d7c5f3735812fb903 1499864
weechat-plugins-dbgsym_1.9.1-1_amd64.deb
a8cb7ba752458567bbb997c6f3bed7ae52a7c8a8 441014
weechat-plugins_1.9.1-1_amd64.deb
c1754b677f436f9691b62ae9605189b6d1b366bc 57544 weechat_1.9.1-1_all.deb
140ef22e240497ff1f82d7132fec58b146d70a45 11897 weechat_1.9.1-1_amd64.buildinfo
Checksums-Sha256:
a4f37e62dde4a8b565484c1a00a0cc68e65d0767fbf798fee5e4c6e6556a8a06 2351
weechat_1.9.1-1.dsc
a1968c41803677edb4486b5f4e14a86205afce45bf1e06cfe2c012bcd201f1cd 2658824
weechat_1.9.1.orig.tar.bz2
0c28fa0e8ffcc630f0b77a8097bfed3663f5fee6d0b61f03856b1121aa3b2541 15348
weechat_1.9.1-1.debian.tar.xz
b516386a0b739bf728bd697c65c3ddba54f2c5bf4fcec46a56e3153c661307a7 724044
weechat-core-dbgsym_1.9.1-1_amd64.deb
73273a96594597bdbee4cec44823c28b5cb57952da4792ce846d00075d743403 735734
weechat-core_1.9.1-1_amd64.deb
8ad277f5ddf99c5bd16b4401767f5651f42ed8ffc2d6aad24b4e4c99851d17b7 1107054
weechat-curses-dbgsym_1.9.1-1_amd64.deb
798607cfc21c416026703e5b1d9f03e60f9506729ebe50e24903d2ad8a0203ba 410226
weechat-curses_1.9.1-1_amd64.deb
538c451040d65dfe7ce10a8725faf96cf84e25d2ffe4f39c146ab45ae897e0fe 70372
weechat-dev_1.9.1-1_all.deb
736c2db1c7c097ae5134e849421a1230aed98ae563acab04bad55a397accdb65 860976
weechat-doc_1.9.1-1_all.deb
3f13e984e559596108fe48d241ad1b4671694dca690eff14d9ccd6ab8e4d24f1 1499864
weechat-plugins-dbgsym_1.9.1-1_amd64.deb
b4805b72d9b72d076b79e171d3b1aeb5ece11f68e132bd77bec63467954bddc0 441014
weechat-plugins_1.9.1-1_amd64.deb
14e43f07814735f6fd0df8c8643264c7ec205e82635efe55fe5318f42f10f5e0 57544
weechat_1.9.1-1_all.deb
5894efaf5aebfbd46ebce41f0ca56572acec48c23c5415320802d5380766fc3f 11897
weechat_1.9.1-1_amd64.buildinfo
Files:
4eb41eacc50a855244df100ea5bf1c72 2351 net optional weechat_1.9.1-1.dsc
4e81b9384fc47e2b697166bc05a9b4dc 2658824 net optional
weechat_1.9.1.orig.tar.bz2
9a957739fc7e51fd1032663098b03269 15348 net optional
weechat_1.9.1-1.debian.tar.xz
92601ceea2adc0efe6ce27d1973a6b1d 724044 debug optional
weechat-core-dbgsym_1.9.1-1_amd64.deb
cb85cf42afda43b9a0626b2984340f6d 735734 net optional
weechat-core_1.9.1-1_amd64.deb
9ff3c23b7ef1c714320463a3367ec2f1 1107054 debug optional
weechat-curses-dbgsym_1.9.1-1_amd64.deb
504f0e03313dda8e63e87f91b9bc3477 410226 net optional
weechat-curses_1.9.1-1_amd64.deb
ec2776a22d9f9c5170f546a5abe708f1 70372 devel optional
weechat-dev_1.9.1-1_all.deb
c0ca9e10a6037ecd12c3481d3c3de07d 860976 doc optional
weechat-doc_1.9.1-1_all.deb
683bd58349f0c55c49f575121748f680 1499864 debug optional
weechat-plugins-dbgsym_1.9.1-1_amd64.deb
d88aa60bb048fc4f603befcc18a97dda 441014 net optional
weechat-plugins_1.9.1-1_amd64.deb
c386e48f0cc01b6f31af5c6f5893593d 57544 net optional weechat_1.9.1-1_all.deb
d9c13abe7d960f38d2a3d30cfb9a60e4 11897 net optional
weechat_1.9.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETQ1Tfow3vJnf8QuHSwd3I5KdQsMFAlnGztYACgkQSwd3I5Kd
QsP5UA//TGysJzkLvZ/w6uM45FkDRok2AalKbq7JsvDWN8F/dmuK54uCby2VYRFk
zysHWYr8N1XdChYMsoi5AwngMrJ/zhr+pFoRIdwAfa9sxADkDvLa5yd88nn0dBCO
CU9DwuqU4e1v1UTnV8ED0Xj0SGm6WzMMOmO28blfywavwZBgIr2jaAEVdkM8WeH2
v/O+LpHptJBdP7Xkg+v5xfUrGaWZHzllqdaDnk+oGNf7Ll8mw1SCt1uktJ4ByRSX
xMdxhlyfz4fEpBpkrHNAYOuLDua2hQgzsUNCHTnlH4BMChw0tydroSr293Vrh7ya
D1Bo2N5jb27AzbLPZqskdrQxuuxgm29vbcSbcLYfCNZ2gbkinay/Mes0XoSYfjhB
2PdiBR9vOYSv9ycKDysTRQhsUFLb/OHEUT4WLAsQWAt/Ikcu4/KOIum+R0aY5oc+
7lxKz/0KBksGnjjL5LGDWl+HlKExE/5w+8+c6OfSLI3xeLhJzWQ1EzqWQWsupH8r
7Z9GG7oV29e6AVDUy+2YQDDf/42tvjO4YwchqaIUJAwIcgEMb+3745FpsSoaDSiN
H0h9rCSDOA5HgBjz33epmrAvpUAYPHH8Od+LUsWRfi2oZKxbtkYoiozBxcUTK1lb
e6FyZlf0Nl5gZsIOIhgS5fbqWgoVrWE5VTit3sTvHRApKbJwThs=
=SnQm
-----END PGP SIGNATURE-----
--- End Message ---
