Your message dated Tue, 06 Mar 2018 15:51:51 +0000 with message-id <e1etesz-0004ry...@fasolo.debian.org> and subject line Bug#890674: fixed in irssi 1.0.7-1 has caused the Debian Bug report #890674, regarding irssi: CVE-2018-7054 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 890674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890674 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: irssi Version: 1.0.0-1 Severity: important Tags: patch security upstream Hi, the following vulnerability was published for irssi. CVE-2018-7054[0]: | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. | There is a use-after-free when a server is disconnected during | netsplits. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-7054 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054 [1] https://irssi.org/security/irssi_sa_2018_02.txt Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: irssi Source-Version: 1.0.7-1 We believe that the bug you reported is fixed in the latest version of irssi, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 890...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Rhonda D'Vine <rho...@debian.org> (supplier of updated irssi package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 06 Mar 2018 14:42:44 +0100 Source: irssi Binary: irssi irssi-dev Architecture: source amd64 Version: 1.0.7-1 Distribution: unstable Urgency: high Maintainer: Rhonda D'Vine <rho...@debian.org> Changed-By: Rhonda D'Vine <rho...@debian.org> Description: irssi - terminal based IRC client irssi-dev - terminal based IRC client - development files Closes: 886475 890674 890675 890676 890677 890678 Changes: irssi (1.0.7-1) unstable; urgency=high . * New upstream bugfix release (closes: #886475): From 1.0.6: - Fix invalid memory access when reading hilight configuration (#787, #788). - Fix null pointer dereference when the channel topic is set without specifying a sender [CVE-2018-5206] - Fix return of random memory when using incomplete escape codes [CVE-2018-5205] - Fix heap buffer overflow when completing certain strings [CVE-2018-5208] - Fix return of random memory when using an incomplete variable argument [CVE-2018-5207] . From 1.0.7: - Prevent use after free error during the execution of some commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674) - Revert netsplit print optimisation due to crashes - Fix use after free when SASL messages are received in unexpected order [CVE-2018-7053] (closes: #890675) - Fix null pointer dereference in the tab completion when an empty nick is joined [CVE-2018-7050] (closes: #890678) - Fix use after free when entering oper password - Fix null pointer dereference when too many windows are opened [CVE-2018-7052] (closes: #890676) - Fix out of bounds access in theme strings when the last escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051] (closes: #890677) - Fix out of bounds write when using negative counts on window resize - Minor help correction. By William Jackson . * Fix watch URL. * Bump to debhelper compat 11, remove autotools-dev Build-Depends. * Bump Standards-Version to 4.1.3. * Add lintian overrides for the spelling of "hilight" in the changelog mentioning the lintian overrides for the spelling of "hilight" in irssi itself. Checksums-Sha1: e2dbc91d63a972fc44c732e40215ac062cbfc842 2149 irssi_1.0.7-1.dsc 0524e5f2d465e3b04a0227dac648a26e5c6d8286 1034188 irssi_1.0.7.orig.tar.xz 0524e5f2d465e3b04a0227dac648a26e5c6d8286 1034188 irssi_1.0.7.orig.tar.xz.asc a61600116bcf861a513a44b70a6152511076f41d 20344 irssi_1.0.7-1.debian.tar.xz c03eabca0219054f3a30150348350718140cea2c 2981160 irssi-dbgsym_1.0.7-1_amd64.deb faf42b31ca93ee3254a572e54d4df77b8202e9d6 453980 irssi-dev_1.0.7-1_amd64.deb d746d0eb83b5f1a4393e2e4aa42e818018bd8943 7294 irssi_1.0.7-1_amd64.buildinfo 942d1b575dd70ee6f67a418eab2deaea5338635d 1085660 irssi_1.0.7-1_amd64.deb Checksums-Sha256: 8c16bc07a086213ead747c83e8af1ee89862c9bcef16675987dc90b699787731 2149 irssi_1.0.7-1.dsc 1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac 1034188 irssi_1.0.7.orig.tar.xz 1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac 1034188 irssi_1.0.7.orig.tar.xz.asc a06eedac3c912d2f14d4399591572ff98dd9601db7b6b92ba2733c319419b45c 20344 irssi_1.0.7-1.debian.tar.xz 4cff1715765c40b856780bdfa22006ac46d2ea454b3728d8b8586c069055d9a3 2981160 irssi-dbgsym_1.0.7-1_amd64.deb e5ed60b15ca6a8408c1f23b64f6081a41c3790092a20019732e4783c89c12bbb 453980 irssi-dev_1.0.7-1_amd64.deb b3518d0f7eb496e59c9d28824edb1882d7543753f98d3ca8fcb245a4332bab21 7294 irssi_1.0.7-1_amd64.buildinfo ae53ebed69c37fc1716e0d06f1174846391e7f0d25c4e293dd9b53bb1f70a9e9 1085660 irssi_1.0.7-1_amd64.deb Files: 79a9214fd3ffaca794ba8af35e89b92c 2149 net optional irssi_1.0.7-1.dsc 6ebf07a03b58f7af1296cd8fdbb3619f 1034188 net optional irssi_1.0.7.orig.tar.xz 6ebf07a03b58f7af1296cd8fdbb3619f 1034188 net optional irssi_1.0.7.orig.tar.xz.asc 1e28c9230efa6072958dcd54c1340a61 20344 net optional irssi_1.0.7-1.debian.tar.xz e4f18d54ccbd6ca8002afe94c67e7b90 2981160 debug optional irssi-dbgsym_1.0.7-1_amd64.deb fb4e099db6f0befa2beef3459ff3d957 453980 net optional irssi-dev_1.0.7-1_amd64.deb db908039423e8578ef6e1bf0e65a4845 7294 net optional irssi_1.0.7-1_amd64.buildinfo a7ce4ded997e5feaf5b6e716f2f5f87a 1085660 net optional irssi_1.0.7-1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEELHLzKO0XByBPs0mU3ugEPuF+uzAFAlqerPoACgkQ3ugEPuF+ uzDq2RAAmKnalI5aLrEjK5/UPYISYPflqnovaE2JSb0RcgQm3GPFjqmQ967Tq7gG ND5p958VRXEubJZen1sFnSeJtjHZ3Vm4etgJS04qijR8E4Y9y6Utd+ENCFQp++LH zraIjlIt24FccMsUsRDSoB3xP6L0navPCsLMSHODqzcuaJxF6r/jBCNS7ULyjw9a Cbf1Ic3eS/fR5+6szk+teOVsZH7f8+HMKURzR5Q6XmAa3+S0gDZvWmFTE7ZtE+v0 ACMWhGHsDzanCpUMsPZLUsdGVxJDSw4aXBi3yFjsgkyHd69nAwnkWkHaK3le8mI4 JwnCyZ27QH88RymtCVr5/vxpnfTDs+YWanVwVaieDauD6gCswG4maDuOHUtpmBS1 fFPsclbUXHDiY23f6BmF2Mhnr7Ev8uaTSm08beEXqhiVM7PulRuZgXdXJIBgg6a0 FCoYh9prEJghrnjepiKi0vyZYuqxvMVC9e8SOkWRswXOXMClqsKhitsSc5iAr0lZ kTqsvRsClQvo0nlbWC2SwKpRs+X8Pw3YQ6YKYm49BwoM2OjI/eQTHvSvwniVzMc7 8MIsyqmi9TJM4S+3+9uCR+DaiYcBt5Z6qgAHz6K/vLMzbIItRzjUgMD9alO1INg3 hRPtT7GpspIRAsvsQVxHllHzy5g/M9mj5RcPeb6zFg/wZw77RYo= =tCf9 -----END PGP SIGNATURE-----
--- End Message ---
