Bug#876553: marked as done (weechat: CVE-2017-14727: crash in logger plugin when converting date/time specifiers in file mask)

Fri, 29 Sep 2017 04:36:51 -0700 

Your message dated Fri, 29 Sep 2017 11:32:49 +0000
with message-id <[email protected]>
and subject line Bug#876553: fixed in weechat 1.6-1+deb9u2
has caused the Debian Bug report #876553,
regarding weechat: CVE-2017-14727: crash in logger plugin when converting 
date/time specifiers in file mask
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
876553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876553
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: weechat
Version: 1.9-1
Severity: important
Tags: security upstream

Hi

See https://weechat.org/news/98/20170923-Version-1.9.1-security-release/

Date/time conversion specifiers are expanded after replacing buffer
local variables in name of log files. In some cases, this can lead to
an error in function strftime and a crash caused by the use of an
uninitialized buffer.

https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556

A CVE has not yet been assigned.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: weechat
Source-Version: 1.6-1+deb9u2

We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated weechat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 27 Sep 2017 20:53:31 +0200
Source: weechat
Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc 
weechat-dev weechat-dbg
Architecture: source
Version: 1.6-1+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Emmanuel Bouthenot <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 876553
Description: 
 weechat    - Fast, light and extensible chat client
 weechat-core - Fast, light and extensible chat client - core files
 weechat-curses - Fast, light and extensible chat client - console client
 weechat-dbg - Fast, light and extensible chat client - debugging symbols
 weechat-dev - Fast, light and extensible chat client - development headers
 weechat-doc - Fast, light and extensible chat client - documentation
 weechat-plugins - Fast, light and extensible chat client - plugins
Changes:
 weechat (1.6-1+deb9u2) stretch; urgency=medium
 .
   * Non-maintainer upload.
   * logger: call strftime before replacing buffer local variables
     (CVE-2017-14727) (Closes: #876553)
Checksums-Sha1: 
 57345fff775f5db0d18af8c75d456cb8bfc1d245 2667 weechat_1.6-1+deb9u2.dsc
 3f874cfe2fa62f0e822fc55a0d7c19910028662c 16916 
weechat_1.6-1+deb9u2.debian.tar.xz
Checksums-Sha256: 
 4b9cd4113ea97f13202b12c0c892b811f27a85a5c60f843735ad860ffbf04bb7 2667 
weechat_1.6-1+deb9u2.dsc
 d4c1aaa21f249e548f908c2f214a58ae5de8d6fee3c277372070fe8983df6371 16916 
weechat_1.6-1+deb9u2.debian.tar.xz
Files: 
 201b509e0bbfacfe53ad8649c03e87ed 2667 net optional weechat_1.6-1+deb9u2.dsc
 92054b9756a974ddecd7adba39b632e9 16916 net optional 
weechat_1.6-1+deb9u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlnMZS9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EZFUP/ApwIvrqceA1TE6uOCTR+X/aD7wIu/jU
Csxa/jwR1vpc4DIQL9R7exSDCmJ4mmP9HBgPz8gABtGzNQGFCspjRfmJfL9HCJrV
Axqv6cjOpnT6M4zJNd6waa0JoVwGZyYmfc1gMMzMMIlX611fQ1V2uR9MDlhfsW64
zPeZbzp5kqFLYjbdnQ5VPNOGSHBNB2ULxhv5ulokCbMJkmJcq4kbBd3n/yTAmb4h
poAp1mBX+IXsYzMCg6aaQf95jVsgggJiJadBgA9L3Qw00GMCcAGNsGB//gFVOSoK
RpNSc4Q8/21i/HdFs9a+Ah07BfHI7PgBbSwYLl6GaEnleJ9TJ1I6ltZuYkVhMDZB
Kps19uKmQaV6aIO32yLshom7R4A+HJypMqc7M1U6CY5ov6FPqVz34P4LiP9wQR4B
5AA6CHcBdwhvs62iNGctACDPIaad1qmnqzkurL3Eh5LjD2kTrrJxxfJMSVKCFNm9
s/WNAMkEcFWFfFR71cUoOM2EL4Ted16w1GfnpNkjDUO7goW5Pm6E4IUwxIX95V2G
Z0Ua0IbOfMGt7FY1qMtZkIYYu1G/Ls/vue0bo3rC/NFVcAn+nnPBtzgbPVXwYrpz
QA38OXwohdZ/cdgNKIgrhrgoAyHrxG9udJ1AwLoKoD0E+GsYReP0yoVhdaPC4tQ0
MW/bZjNUpHhO
=9+CT
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to