Your message dated Sat, 14 Jan 2017 12:37:03 +0000
with message-id <1484397423.1091.25.ca...@adam-barratt.org.uk>
and subject line Closing requests included in today's point release
has caused the Debian Bug report #850539,
regarding stable-pu: irssi
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
850539: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850539
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: high
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

      Hi!

 irssi got some security-related updates, and I prepared an update.  I'm
sending the debdiff for it, should be pretty straightforward, it's
mostly the upstream commit fixing the security issues in a patch file,
and I'm going to upload it now so it makes it in time for the point
release.  If anything more is needed please let me know and I can try to
fix that ASAP.

 Enjoy,
Rhonda
-- 
If you feel disheartened, take heart at last, go on  |
If you feel helpless, go out and help, go on         | Wir sind Helden
If you feel powerless, go out and act, go on         | 23.55: Alles auf Anfang
If you feel adrift, find a hold and let go           |
diff -u irssi-0.8.17/debian/changelog irssi-0.8.17/debian/changelog
--- irssi-0.8.17/debian/changelog
+++ irssi-0.8.17/debian/changelog
@@ -1,3 +1,15 @@
+irssi (0.8.17-1+deb8u3) jessie; urgency=low
+
+  * New patch 24security-fixes pulled from upstream commit 6c6c42e3d1b4
+    (besides the one issue in src/fe-text/term-terminfo.c which is 0.8.18
+    onward only), closes: #850403:
+    - CVE-2017-5193: NULL pointer dereference in the nickcmp function
+    - CVE-2017-5194: Use-after-freee when receiving invalid nick message
+    - CVE-2017-5195: Out-of-bounds read in certain incomplete control codes
+  * Set PACKAGE_VERSION for configure as suggested by upstream.
+
+ -- Rhonda D'Vine <rho...@debian.org>  Sat, 07 Jan 2017 15:54:02 +0100
+
 irssi (0.8.17-1+deb8u2) jessie; urgency=high
 
   * New patch 23fix-buf.pl to fix an information exposure issue involved with
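Review bot: the CVE-2017-5194 line of the new changelog entry reads "Use-after-freee"; correct it to "Use-after-free". The entry also sets urgency=low for an upload that fixes three CVEs, while the previous entry shown directly below uses urgency=high; match it unless the lower urgency is deliberate for the point release.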
diff -u irssi-0.8.17/debian/patches/series irssi-0.8.17/debian/patches/series
--- irssi-0.8.17/debian/patches/series
+++ irssi-0.8.17/debian/patches/series
@@ -10,0 +11 @@
+24security-fixes
diff -u irssi-0.8.17/debian/rules irssi-0.8.17/debian/rules
--- irssi-0.8.17/debian/rules
+++ irssi-0.8.17/debian/rules
@@ -42,6 +42,8 @@
 	--enable-ipv6 --with-bot --with-proxy --enable-true-color \
 	--with-perl-lib=vendor
 
+VERSION = $(shell dpkg-parsechangelog | grep "^Version:" | cut -d" " -f2)
+
 # enable DANE only on linux, libval doesn't compile on kfreebsd (yet)
 ifneq (,$(findstring linux,$(DEB_HOST_ARCH_OS)))
 	CONFIGURE_SWITCHES += --enable-dane
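Review bot: VERSION is assigned with "=" rather than ":=", so the $(shell dpkg-parsechangelog ...) pipeline is run again every time $(VERSION) is expanded; use ":=" to evaluate it once. The value taken from the Version: field is the full Debian version (0.8.17-1+deb8u3 for this upload), so that is what configure will receive as PACKAGE_VERSION; a one-line comment above the assignment saying this is intended would help the next maintainer.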
@@ -51,7 +53,7 @@
 	dh_testdir
 	# Add here commands to configure the package.
 	dh_autotools-dev_updateconfig
-	CFLAGS="$(CFLAGS)" ./configure $(CONFIGURE_SWITCHES)
+	CFLAGS="$(CFLAGS)" ./configure $(CONFIGURE_SWITCHES) PACKAGE_VERSION=$(VERSION)
 
 
 build: build-arch build-indep
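Review bot: on the ./configure line, PACKAGE_VERSION=$(VERSION) is passed unquoted and unchecked, unlike CFLAGS="$(CFLAGS)" on the same line; if the dpkg-parsechangelog pipeline yields nothing, configure runs with an empty PACKAGE_VERSION and the build carries on. Quote the value and consider failing the configure target when $(VERSION) is empty.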
only in patch2:
unchanged:
--- irssi-0.8.17.orig/debian/patches/24security-fixes
+++ irssi-0.8.17/debian/patches/24security-fixes
@@ -0,0 +1,79 @@
+Author: ailin-nemui	vim:ft=diff:
+Description: CVE-2017-5193 CVE-2017-5194 CVE-2017-5195
+    Upstream commit 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+    besides the fix for CVE-2017-5196 which is for 0.8.18 onward
+
+
+--- a/src/fe-common/core/formats.c
++++ b/src/fe-common/core/formats.c
+@@ -68,7 +68,7 @@ static void format_expand_code(const cha
+ 
+ 	if (flags == NULL) {
+ 		/* flags are being ignored - skip the code */
+-		while (**format != ']')
++		while (**format != ']' && **format != '\0')
+ 			(*format)++;
+ 		return;
+ 	}
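Review bot: in the flags == NULL branch of format_expand_code, the loop can now stop on '\0' as well as on ']', but the function still returns void and the comment still says only "skip the code", so nothing tells a caller that *format may be left on the string terminator. Extend the comment to say so, since every caller has to test for that after the call.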
+@@ -246,6 +246,10 @@ int format_expand_styles(GString *out, c
+ 	case '[':
+ 		/* code */
+ 		format_expand_code(format, out, flags);
++		if ((*format)[0] == '\0')
++			/* oops, reached end prematurely */
++			(*format)--;
++
+ 		break;
+ 	case 'x':
+ 	case 'X':
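Review bot: the added (*format)-- in the '[' case of format_expand_styles carries only the comment "oops, reached end prematurely", which does not say why the pointer is moved back one character. State the assumption it depends on (what the code after this switch does with *format), and put braces around the if body so the comment and the statement read as one unit.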
+@@ -969,6 +973,7 @@ static const char *get_ansi_color(THEME_
+ 			str++;
+ 			for (num2 = 0; i_isdigit(*str); str++)
+ 				num2 = num2*10 + (*str-'0');
++			if (*str == '\0') return start;
+ 
+ 			switch (num2) {
+ 			case 2:
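Review bot: the new "if (*str == '\0') return start;" in get_ansi_color follows a digit loop, "num2 = num2*10 + (*str-'0')", that has no upper bound, so a long run of digits in the input can overflow num2 before the terminator check is reached. Cap the accumulated value or the number of digits consumed in that loop; the same loop appears again in the hunk at line 1014.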
+@@ -986,6 +991,8 @@ static const char *get_ansi_color(THEME_
+ 					for (; i_isdigit(*str); str++)
+ 						num2 = (num2&~0xff) |
+ 							(((num2&0xff) * 10 + (*str-'0'))&0xff);
++
++					if (*str == '\0') return start;
+ 				}
+ 
+ 				if (i == -1) break;
+@@ -1014,6 +1021,7 @@ static const char *get_ansi_color(THEME_
+ 				str++;
+ 				for (num2 = 0; i_isdigit(*str); str++)
+ 					num2 = num2*10 + (*str-'0');
++				if (*str == '\0') return start;
+ 
+ 				if (num == 38) {
+ 					flags &= ~GUI_PRINT_FLAG_COLOR_24_FG;
+--- a/src/irc/core/irc-nicklist.c
++++ b/src/irc/core/irc-nicklist.c
+@@ -338,7 +338,11 @@ static void event_whois_ircop(SERVER_REC
+ static void event_nick_invalid(IRC_SERVER_REC *server, const char *data)
+ {
+ 	if (!server->connected)
+-		server_disconnect((SERVER_REC *) server);
++		/* we used to call server_disconnect but that crashes
++		   irssi because of undefined memory access. instead,
++		   indicate that the connection should be dropped and
++		   let the irc method to the clean-up. */
++		server->connection_lost = server->no_reconnect = TRUE;
+ }
+ 
+ static void event_nick_in_use(IRC_SERVER_REC *server, const char *data)
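Review bot: in event_nick_invalid, the if (!server->connected) now has a four-line comment between the condition and the single statement it guards, with no braces; add braces so a later edit cannot detach the assignment from the condition. The comment also has a typo ("let the irc method to the clean-up" should read "do the clean-up"), and it would help to name the undefined memory access it mentions, which the changelog lists as CVE-2017-5194.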
+--- a/src/irc/core/irc-queries.c
++++ b/src/irc/core/irc-queries.c
+@@ -45,6 +45,8 @@ QUERY_REC *irc_query_find(IRC_SERVER_REC
+ {
+ 	GSList *tmp;
+ 
++	g_return_val_if_fail(nick != NULL, NULL);
++
+ 	for (tmp = server->queries; tmp != NULL; tmp = tmp->next) {
+ 		QUERY_REC *rec = tmp->data;
+ 
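Review bot: the new guard in irc_query_find uses g_return_val_if_fail(nick != NULL, NULL), GLib's precondition macro, which logs a critical warning each time it fires and is compiled out when G_DISABLE_CHECKS is defined. If a NULL nick can reach this function from network input, a plain "if (nick == NULL) return NULL;" is the sturdier guard. Note also that server is still dereferenced unchecked on the following line (server->queries).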

--- End Message ---
--- Begin Message ---
Version: 8.7

Hi,

Each of these bugs refers to an update that was included in today's 8.7
point release.

Regards,

Adam

--- End Message ---
