Source: weechat Version: 3.0.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for weechat. CVE-2021-40516[0]: | WeeChat before 3.2.1 allows remote attackers to cause a denial of | service (crash) via a crafted WebSocket frame that trigger an out-of- | bounds read in plugins/relay/relay-websocket.c in the Relay plugin. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-40516 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40516 [1] https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b Please adjust the affected versions in the BTS as needed. Regards, Salvatore