Bug#890674: marked as done (irssi: CVE-2018-7054)

2018-04-02 Thread Debian Bug Tracking System
Your message dated Mon, 02 Apr 2018 17:17:10 +
with message-id 
and subject line Bug#890674: fixed in irssi 1.0.7-1~deb9u1
has caused the Debian Bug report #890674,
regarding irssi: CVE-2018-7054
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
890674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: irssi
Version: 1.0.0-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for irssi.

CVE-2018-7054[0]:
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
| There is a use-after-free when a server is disconnected during
| netsplits.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054
[1] https://irssi.org/security/irssi_sa_2018_02.txt

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: irssi
Source-Version: 1.0.7-1~deb9u1

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rhonda D'Vine  (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 27 Mar 2018 10:22:28 +0200
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.7-1~deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Rhonda D'Vine 
Changed-By: Rhonda D'Vine 
Description:
 irssi  - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 879521 886475 890674 890675 890676 890677 890678
Changes:
 irssi (1.0.7-1~deb9u1) stretch-security; urgency=high
 .
   * Security update using upstream version 1.0.7. See changelog entries of
     1.0.7-1 and 1.0.5-1 for the CVE lists.
   * Remove pulled patches that were put on top of 1.0.2.
   * Lower debhelper compat to 10.
 .
 irssi (1.0.7-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #886475):
     From 1.0.6:
     - Fix invalid memory access when reading hilight configuration
       (#787, #788).
     - Fix null pointer dereference when the channel topic is set
       without specifying a sender [CVE-2018-5206]
     - Fix return of random memory when using incomplete escape
       codes [CVE-2018-5205]
     - Fix heap buffer overflow when completing certain strings
       [CVE-2018-5208]
     - Fix return of random memory when using an incomplete
       variable argument [CVE-2018-5207]
 .
     From 1.0.7:
     - Prevent use after free error during the execution of some
       commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
     - Revert netsplit print optimisation due to crashes
     - Fix use after free when SASL messages are received in
       unexpected order [CVE-2018-7053] (closes: #890675)
     - Fix null pointer dereference in the tab completion when an
       empty nick is joined [CVE-2018-7050] (closes: #890678)
     - Fix use after free when entering oper password
     - Fix null pointer dereference when too many windows are
       opened [CVE-2018-7052] (closes: #890676)
     - Fix out of bounds access in theme strings when the last
       escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
       (closes: #890677)
     - Fix out of bounds write when using negative counts on window
       resize
     - Minor help correction. By William Jackson
 .
   * Fix watch URL.
   * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
   * Bump Standards-Version to 4.1.3.
   * Add lintian overrides for the spelling of "hilight" in the changelog
     mentioning the lintian overrides for the spelling of "hilight" in irssi
     itself.
 .
 irssi (1.0.5-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #879521):

Bug#890674: marked as done (irssi: CVE-2018-7054)

2018-03-06 Thread Debian Bug Tracking System
Your message dated Tue, 06 Mar 2018 15:51:51 +
with message-id 
and subject line Bug#890674: fixed in irssi 1.0.7-1
has caused the Debian Bug report #890674,
regarding irssi: CVE-2018-7054
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
890674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: irssi
Version: 1.0.0-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for irssi.

CVE-2018-7054[0]:
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
| There is a use-after-free when a server is disconnected during
| netsplits.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054
[1] https://irssi.org/security/irssi_sa_2018_02.txt

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: irssi
Source-Version: 1.0.7-1

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rhonda D'Vine  (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 06 Mar 2018 14:42:44 +0100
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.7-1
Distribution: unstable
Urgency: high
Maintainer: Rhonda D'Vine 
Changed-By: Rhonda D'Vine 
Description:
 irssi  - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 886475 890674 890675 890676 890677 890678
Changes:
 irssi (1.0.7-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #886475):
     From 1.0.6:
     - Fix invalid memory access when reading hilight configuration
       (#787, #788).
     - Fix null pointer dereference when the channel topic is set
       without specifying a sender [CVE-2018-5206]
     - Fix return of random memory when using incomplete escape
       codes [CVE-2018-5205]
     - Fix heap buffer overflow when completing certain strings
       [CVE-2018-5208]
     - Fix return of random memory when using an incomplete
       variable argument [CVE-2018-5207]
 .
     From 1.0.7:
     - Prevent use after free error during the execution of some
       commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
     - Revert netsplit print optimisation due to crashes
     - Fix use after free when SASL messages are received in
       unexpected order [CVE-2018-7053] (closes: #890675)
     - Fix null pointer dereference in the tab completion when an
       empty nick is joined [CVE-2018-7050] (closes: #890678)
     - Fix use after free when entering oper password
     - Fix null pointer dereference when too many windows are
       opened [CVE-2018-7052] (closes: #890676)
     - Fix out of bounds access in theme strings when the last
       escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
       (closes: #890677)
     - Fix out of bounds write when using negative counts on window
       resize
     - Minor help correction. By William Jackson
 .
   * Fix watch URL.
   * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
   * Bump Standards-Version to 4.1.3.
   * Add lintian overrides for the spelling of "hilight" in the changelog
     mentioning the lintian overrides for the spelling of "hilight" in irssi
     itself.