Your message dated Sun, 08 Oct 2017 12:03:15 +0000
with message-id <[email protected]>
and subject line Bug#876553: fixed in weechat 1.0.1-1+deb8u2
has caused the Debian Bug report #876553,
regarding weechat: CVE-2017-14727: crash in logger plugin when converting
date/time specifiers in file mask
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
876553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876553
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: weechat
Version: 1.9-1
Severity: important
Tags: security upstream
Hi
See https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
Date/time conversion specifiers are expanded after replacing buffer
local variables in name of log files. In some cases, this can lead to
an error in function strftime and a crash caused by the use of an
uninitialized buffer.
https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
A CVE has not yet been assigned.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: weechat
Source-Version: 1.0.1-1+deb8u2
We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated weechat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 Sep 2017 21:27:15 +0200
Source: weechat
Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc
weechat-dev weechat-dbg
Architecture: all source
Version: 1.0.1-1+deb8u2
Distribution: jessie
Urgency: medium
Maintainer: Emmanuel Bouthenot <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 876553
Description:
weechat - Fast, light and extensible chat client
weechat-core - Fast, light and extensible chat client - core files
weechat-curses - Fast, light and extensible chat client - console client
weechat-dbg - Fast, light and extensible chat client - debugging symbols
weechat-dev - Fast, light and extensible chat client - development headers
weechat-doc - Fast, light and extensible chat client - documentation
weechat-plugins - Fast, light and extensible chat client - plugins
Changes:
weechat (1.0.1-1+deb8u2) jessie; urgency=medium
.
* Non-maintainer upload.
* logger: call strftime before replacing buffer local variables
(CVE-2017-14727) (Closes: #876553)
Checksums-Sha1:
f309ddc72ce73814e81a9b5ac57c41b9a6f7ab1f 2611 weechat_1.0.1-1+deb8u2.dsc
b0adcaa9d463a31e09c814ea6ac5e87c18d155e2 16392
weechat_1.0.1-1+deb8u2.debian.tar.xz
008427c57d8d4394ba5b5c54bd3b2c8649ab3d16 48798 weechat_1.0.1-1+deb8u2_all.deb
eb5d2baf36d4cd634239ea8d30b76eb764b80ce7 775174
weechat-doc_1.0.1-1+deb8u2_all.deb
f339f839a4a72697642697a6e0bb6d31ac9c187a 60312
weechat-dev_1.0.1-1+deb8u2_all.deb
Checksums-Sha256:
f3f84cb64a83e5256a04ae83d95f8248183b261ff11f65d613ee283a3ddd909d 2611
weechat_1.0.1-1+deb8u2.dsc
5587f3ca3aa1b9a4d7b5025e432bbf67d6416af4aa10a0c9e30a7a3baa319098 16392
weechat_1.0.1-1+deb8u2.debian.tar.xz
ca277b8fd8036a9c58052f607a3d51eb63f6f39ce21bbb8c58b8a00f26f1f966 48798
weechat_1.0.1-1+deb8u2_all.deb
e40b411edba85e0625414e4d3adaabc7fe4a2093fd8d2a87c8115eb023921b92 775174
weechat-doc_1.0.1-1+deb8u2_all.deb
a2b8c76d723664bbe066cc35243ed4784fa5b686401a1873c0a5cf7c46311011 60312
weechat-dev_1.0.1-1+deb8u2_all.deb
Files:
dbb01c4713a8667ef85f5d300d5031b2 2611 net optional weechat_1.0.1-1+deb8u2.dsc
fdb73bee6e6280bc52fdd3de25df4c70 16392 net optional
weechat_1.0.1-1+deb8u2.debian.tar.xz
f3abca434414658510efa103c7d1ea5d 48798 net optional
weechat_1.0.1-1+deb8u2_all.deb
e68a902308127dacb324a08765cabcfc 775174 doc optional
weechat-doc_1.0.1-1+deb8u2_all.deb
b011e511252ea81df283f7e9b362fed3 60312 devel optional
weechat-dev_1.0.1-1+deb8u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlnMZ8ZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ENikP+wRGpIILlVxJpv3S929lqaGdsfXImirS
4g8clvaBFwIoHhcaB3TmzYYB//uYzCaznbeXDe7XyXH5hSx41Tg7z9GHaWUc2n6N
Oxou7knOMm2MQMnB5/YTYZYOGBzgSopDT0KPUK6fi86cG1/+fhrnlvyNI0hZxowI
ush6enCrmr8ymj0iGoTXT9rRTzPiSM1NPlcTNpBPbDsfkDYlVpQY1aRRso2alZRO
dVm2yXt/wkHi9A6clPIWoWhcTRWj8FNWIMxT3TB9zbsFGaOw7qETaVEz4cw0BSeZ
CFKkkBnb3Ql/eN7qV0Y0KGp+F4ukDEr6Ki3pjD8hiUKHoI2czkLuLxcT6Yc1GSNm
OVaUvmIR0tw4Bfl9UD/F6cKgZV5C/St3oB2l2jQi3UEoeKJ8MfpZq0Zchdw2mKb5
o7mDL4DizA24+npLws3JBD5qIB/DLz+M2iU8rx4SnF/KxOOtsP8QCMwg7BnmF+9c
g4IflSUJgI/uoXRKlHpc+bNFQIRKdfTg8xopX3d2hNL9YQkW8pgi08pm23snFORJ
X8ZK7EITsVTv299HypWddfntvafidfVagWAZsWp8xsGaEGhpgcIfTY8MXO7fPV03
EwSKn1M7v1WJGynhcNgK5zGbLTtpGUVXO4CrzBfYX1rHkQpZ6sdh2n20S7eLOQG6
5WSUMnA7o/z1
=9i78
-----END PGP SIGNATURE-----
--- End Message ---
