Package: release.debian.org
Severity: high
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi!

irssi got some security-related updates, and I prepared an update. I'm sending the debdiff for it, should be pretty straightforward, it's mostly the upstream commit fixing the security issues in a patch file, and I'm going to upload it now so it makes it in time for the point release.

If anything more is needed please let me know and I can try to fix that ASAP.

Enjoy,
Rhonda
-- 
If you feel discouraged, finally take courage, go |
If you feel helpless, go out and help, go         | Wir sind Helden
If you feel powerless, go out and act, go         | 23.55: Alles auf Anfang
If you feel unsteady, find a hold and let go      |

diff -u irssi-0.8.17/debian/changelog irssi-0.8.17/debian/changelog --- irssi-0.8.17/debian/changelog +++ irssi-0.8.17/debian/changelog @@ -1,3 +1,15 @@ +irssi (0.8.17-1+deb8u3) jessie; urgency=low + + * New patch 24security-fixes pulled from upstream commit 6c6c42e3d1b4 + (besides the one issue in src/fe-text/term-terminfo.c which is 0.8.18 + onward only), closes: #850403: + - CVE-2017-5193: NULL pointer dereference in the nickcmp function + - CVE-2017-5194: Use-after-freee when receiving invalid nick message + - CVE-2017-5195: Out-of-bounds read in certain incomplete control codes + * Set PACKAGE_VERSION for configure as suggested by upstream. + + -- Rhonda D'Vine <rho...@debian.org> Sat, 07 Jan 2017 15:54:02 +0100 + irssi (0.8.17-1+deb8u2) jessie; urgency=high * New patch 23fix-buf.pl to fix an information exposure issue involved with diff -u irssi-0.8.17/debian/patches/series irssi-0.8.17/debian/patches/series --- irssi-0.8.17/debian/patches/series +++ irssi-0.8.17/debian/patches/series @@ -10,0 +11 @@ +24security-fixes diff -u irssi-0.8.17/debian/rules irssi-0.8.17/debian/rules --- irssi-0.8.17/debian/rules +++ irssi-0.8.17/debian/rules @@ -42,6 +42,8 @@ --enable-ipv6 --with-bot --with-proxy --enable-true-color \ --with-perl-lib=vendor +VERSION = $(shell dpkg-parsechangelog | grep "^Version:" | cut -d" " -f2) + # enable DANE only on linux, libval doesn't compile on kfreebsd (yet) ifneq (,$(findstring linux,$(DEB_HOST_ARCH_OS))) CONFIGURE_SWITCHES += --enable-dane @@ -51,7 +53,7 @@ dh_testdir # Add here commands to configure the package. dh_autotools-dev_updateconfig - CFLAGS="$(CFLAGS)" ./configure $(CONFIGURE_SWITCHES) + CFLAGS="$(CFLAGS)" ./configure $(CONFIGURE_SWITCHES) PACKAGE_VERSION=$(VERSION) build: build-arch build-indep only in patch2: unchanged: --- irssi-0.8.17.orig/debian/patches/24security-fixes +++ irssi-0.8.17/debian/patches/24security-fixes 
@@ -0,0 +1,79 @@ +Author: ailin-nemui vim:ft=diff: +Description: CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 + Upstream commit 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d + besides the fix for CVE-2017-5196 which is for 0.8.18 onward + + +--- a/src/fe-common/core/formats.c ++++ b/src/fe-common/core/formats.c +@@ -68,7 +68,7 @@ static void format_expand_code(const cha + + if (flags == NULL) { + /* flags are being ignored - skip the code */ +- while (**format != ']') ++ while (**format != ']' && **format != '\0') + (*format)++; + return; + } +@@ -246,6 +246,10 @@ int format_expand_styles(GString *out, c + case '[': + /* code */ + format_expand_code(format, out, flags); ++ if ((*format)[0] == '\0') ++ /* oops, reached end prematurely */ ++ (*format)--; ++ + break; + case 'x': + case 'X': +@@ -969,6 +973,7 @@ static const char *get_ansi_color(THEME_ + str++; + for (num2 = 0; i_isdigit(*str); str++) + num2 = num2*10 + (*str-'0'); ++ if (*str == '\0') return start; + + switch (num2) { + case 2: +@@ -986,6 +991,8 @@ static const char *get_ansi_color(THEME_ + for (; i_isdigit(*str); str++) + num2 = (num2&~0xff) | + (((num2&0xff) * 10 + (*str-'0'))&0xff); ++ ++ if (*str == '\0') return start; + } + + if (i == -1) break; +@@ -1014,6 +1021,7 @@ static const char *get_ansi_color(THEME_ + str++; + for (num2 = 0; i_isdigit(*str); str++) + num2 = num2*10 + (*str-'0'); ++ if (*str == '\0') return start; + + if (num == 38) { + flags &= ~GUI_PRINT_FLAG_COLOR_24_FG; +--- a/src/irc/core/irc-nicklist.c ++++ b/src/irc/core/irc-nicklist.c +@@ -338,7 +338,11 @@ static void event_whois_ircop(SERVER_REC + static void event_nick_invalid(IRC_SERVER_REC *server, const char *data) + { + if (!server->connected) +- server_disconnect((SERVER_REC *) server); ++ /* we used to call server_disconnect but that crashes ++ irssi because of undefined memory access. instead, ++ indicate that the connection should be dropped and ++ let the irc method to the clean-up. 
*/ ++ server->connection_lost = server->no_reconnect = TRUE; + } + + static void event_nick_in_use(IRC_SERVER_REC *server, const char *data) +--- a/src/irc/core/irc-queries.c ++++ b/src/irc/core/irc-queries.c +@@ -45,6 +45,8 @@ QUERY_REC *irc_query_find(IRC_SERVER_REC + { + GSList *tmp; + ++ g_return_val_if_fail(nick != NULL, NULL); ++ + for (tmp = server->queries; tmp != NULL; tmp = tmp->next) { + QUERY_REC *rec = tmp->data; +
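
Review bot: In the debian/changelog hunk, the CVE-2017-5194 entry reads "Use-after-freee"; correct it to "Use-after-free" before upload. The entry is marked urgency=low although it lists three CVE fixes, while the previous entry 0.8.17-1+deb8u2 in the trailing context is urgency=high, so it is worth confirming that low is intended. The first bullet refers to "the one issue in src/fe-text/term-terminfo.c" without a CVE id, whereas the 24security-fixes header names CVE-2017-5196 as the fix left out for 0.8.18 onward; if that is the same issue, naming it in the changelog makes the omission searchable.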
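
Review bot: In the first debian/rules hunk, VERSION is defined with "=", so the $(shell ...) pipeline is re-run on every expansion; use ":=" to evaluate it once. The grep and cut pipeline can be replaced by dpkg-parsechangelog -S Version, which does not depend on the layout of the output. The value is the full Debian version from the changelog (0.8.17-1+deb8u3 for this upload), and that is what the second hunk hands to configure as PACKAGE_VERSION; a one-line comment in debian/rules saying this is deliberate, as the changelog entry does, would help the next maintainer.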
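
Review bot: The header of debian/patches/24security-fixes carries a vim modeline on the Author line ("Author: ailin-nemui vim:ft=diff:"), so the field no longer holds only the author; move the modeline to its own line. The upstream commit id appears only in the free-text Description; a DEP-3 Origin: field carrying it, plus Bug-Debian: for #850403, would make the provenance of the patch machine-readable.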
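
Review bot: In the format_expand_styles hunk (@@ -246), the new if has a comment followed by the statement as its unbraced body, which is easy to break when a line is added later; put braces around it. The comment "oops, reached end prematurely" does not say why stepping the pointer back is the right recovery, so state what the code after the switch does with *format so the decrement can be checked against it. The @@ -68 hunk only covers the flags == NULL path of format_expand_code; whether its other paths can also run to '\0' is not visible here and should be confirmed.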
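
Review bot: The three get_ansi_color hunks (@@ -969, @@ -986, @@ -1014) add the same "if (*str == '\0') return start;" after a digit loop, but in the context of @@ -969 and @@ -1014 an unconditional str++ comes just before that loop, and the hunks do not show whether *str was checked before the increment. Please confirm it was, since the new check cannot help if the increment has already stepped past the terminator. Putting the return on its own line, as the surrounding loops do with their bodies, would match the style of the file.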
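
Review bot: In the event_nick_invalid hunk of src/irc/core/irc-nicklist.c, the new comment says "let the irc method to the clean-up", which should read "do the clean-up". The multi-line comment sits between the unbraced if and its single statement; add braces so the assignment is visibly the body of the if. The comment describes the old behaviour as "undefined memory access"; naming the issue the changelog lists for the invalid nick message, CVE-2017-5194, would tie the code to the advisory.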
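
Review bot: In the irc_query_find hunk of src/irc/core/irc-queries.c, the NULL guard is g_return_val_if_fail, which GLib compiles out when G_DISABLE_CHECKS is defined and which logs a critical warning each time it fires. For a case the changelog lists as a NULL pointer dereference (CVE-2017-5193), an explicit "if (nick == NULL) return NULL;" does not depend on build flags. Note also that server is dereferenced in the loop just below the guard without a matching check.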