Source: irssi Version: 0.8.17-1 Severity: important Tags: upstream patch security fixed-upstream
Hi, the following vulnerabilities were published for irssi. CVE-2017-10965[0]: | An issue was discovered in Irssi before 1.0.4. When receiving messages | with invalid time stamps, Irssi would try to dereference a NULL | pointer. CVE-2017-10966[1]: | An issue was discovered in Irssi before 1.0.4. While updating the | internal nick list, Irssi could incorrectly use the GHashTable | interface and free the nick while updating it. This would then result | in use-after-free conditions on each access of the hash table. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-10965 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965 [1] https://security-tracker.debian.org/tracker/CVE-2017-10966 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966 [2] https://irssi.org/security/irssi_sa_2017_07.txt [3] https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291 Regards, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
