Public bug reported:

While the version in Bionic contains the CVE fixes, it would be nice to ship the latest bugfix release in the 1.0.x series.

dget https://launchpad.net/~unit193/+archive/ubuntu/staging/+files/irssi_1.0.7-1ubuntu1.dsc

Source: irssi
Version: 1.0.7-1ubuntu1
Distribution: devel
Urgency: high
Maintainer: Unit 193 <unit...@ubuntu.com>
Timestamp: 1520636093
Date: Fri, 09 Mar 2018 17:54:53 -0500
Closes: 886475 890674 890675 890676 890677 890678
Changes:
 irssi (1.0.7-1ubuntu1) devel; urgency=medium
 .
   * Merge from Debian. Remaining changes:
     - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
     - When we have a proxy setting, we expect the CN to match the proxy
       hostname, not the server hostname.
     - d/p/90irc-ubuntu-com:
       + Add the Ubuntu network with irc.ubuntu.com as the server, which is
         currently a CNAME for chat.freenode.net.
     - d/p/03firsttimer_text:
       + Adapt 03firsttimer_text so it tells you about connecting to Ubuntu
         and joining #ubuntu.
   * Changes no longer needed:
     - d/p/CVE-2018-xxxx.patch: Applied upstream.
 .
 irssi (1.0.7-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #886475):
     From 1.0.6:
     - Fix invalid memory access when reading hilight configuration
       (#787, #788).
     - Fix null pointer dereference when the channel topic is set without
       specifying a sender [CVE-2018-5206]
     - Fix return of random memory when using incomplete escape codes
       [CVE-2018-5205]
     - Fix heap buffer overflow when completing certain strings
       [CVE-2018-5208]
     - Fix return of random memory when using an incomplete variable
       argument [CVE-2018-5207]
 .
     From 1.0.7:
     - Prevent use after free error during the execution of some commands.
       Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
     - Revert netsplit print optimisation due to crashes
     - Fix use after free when SASL messages are received in unexpected
       order [CVE-2018-7053] (closes: #890675)
     - Fix null pointer dereference in the tab completion when an empty
       nick is joined [CVE-2018-7050] (closes: #890678)
     - Fix use after free when entering oper password
     - Fix null pointer dereference when too many windows are opened
       [CVE-2018-7052] (closes: #890676)
     - Fix out of bounds access in theme strings when the last escape is
       incomplete. Credit to Oss-Fuzz [CVE-2018-7051] (closes: #890677)
     - Fix out of bounds write when using negative counts on window resize
     - Minor help correction. By William Jackson
 .
   * Fix watch URL.
   * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
   * Bump Standards-Version to 4.1.3.
   * Add lintian overrides for the spelling of "hilight" in the changelog
     mentioning the lintian overrides for the spelling of "hilight" in
     irssi itself.

** Affects: irssi (Ubuntu)
     Importance: Undecided
         Status: New

-- 
https://bugs.launchpad.net/bugs/1754781

Title:
  Please merge the latest bug release, 1.0.7-1, from Debian