Accepted irssi 1.0.7-1~deb9u1~bpo8+1 (source amd64) into jessie-backports->backports-policy, jessie-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 17 Apr 2018 14:51:31 +0200
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.7-1~deb9u1~bpo8+1
Distribution: jessie-backports
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Rhonda D'Vine <rhonda@debian.org>
Description:
irssi - terminal based IRC client
irssi-dev - terminal based IRC client - development files
Closes: 864400 867598 879521 886475 890674 890675 890676 890677 890678
Changes:
irssi (1.0.7-1~deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
.
irssi (1.0.7-1~deb9u1) stretch-security; urgency=high
.
* Security update using upstream version 1.0.7. See changelog entries of
1.0.7-1 and 1.0.5-1 for the CVE lists.
* Remove pulled patches that were put on top of 1.0.2.
* Lower debhelper compat to 10.
.
irssi (1.0.7-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #886475):
From 1.0.6:
- Fix invalid memory access when reading hilight configuration
(#787, #788).
- Fix null pointer dereference when the channel topic is set
without specifying a sender [CVE-2018-5206]
- Fix return of random memory when using incomplete escape
codes [CVE-2018-5205]
- Fix heap buffer overflow when completing certain strings
[CVE-2018-5208]
- Fix return of random memory when using an incomplete
variable argument [CVE-2018-5207]
.
From 1.0.7:
- Prevent use after free error during the execution of some
commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
- Revert netsplit print optimisation due to crashes
- Fix use after free when SASL messages are received in
unexpected order [CVE-2018-7053] (closes: #890675)
- Fix null pointer dereference in the tab completion when an
empty nick is joined [CVE-2018-7050] (closes: #890678)
- Fix use after free when entering oper password
- Fix null pointer dereference when too many windows are
opened [CVE-2018-7052] (closes: #890676)
- Fix out of bounds access in theme strings when the last
escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
(closes: #890677)
- Fix out of bounds write when using negative counts on window
resize
- Minor help correction. By William Jackson
.
* Fix watch URL.
* Bump to debhelper compat 11, remove autotools-dev Build-Depends.
* Bump Standards-Version to 4.1.3.
* Add lintian overrides for the spelling of "hilight" in the changelog
mentioning the lintian overrides for the spelling of "hilight" in irssi
itself.
.
irssi (1.0.5-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #879521):
- Fix missing -sasl_method '' in /NETWORK.
- Fix incorrect restoration of term state when hitting SUSP
inside screen.
- Fix out of bounds read when compressing colour
sequences. Found by Hanno Böck. [CVE-2017-15228]
- Fix use after free condition during a race condition when
waiting on channel sync during a rejoin [CVE-2017-15227]
- Fix null pointer dereference when parsing certain malformed
CTCP DCC messages. [CVE-2017-15721]
- Fix crash due to null pointer dereference when failing to
split messages due to overlong nick or target. [CVE-2017-15723]
- Fix out of bounds read when trying to skip a safe channel ID
without verifying that the ID is long enough. [CVE-2017-15722]
- Fix return of random memory when inet_ntop failed.
- Minor statusbar help update.
* Remove deprecated --with autotools_dev call to dh.
* Bump Standards-Version to 4.1.1.
* Change priority of irssi-dev from deprecated extra to optional.
* Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
directly.
.
irssi (1.0.4-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #867598):
- Fix null pointer dereference when parsing invalid timestamp.
Reported by Brian 'geeknik' Carpenter. [CVE-2017-10965]
- Fix use-after-free condition when removing nicks from the internal
nicklist. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10966]
- Fix incorrect string comparison in DCC file names.
- Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'".
- Fix a bug when using \n to separate lines with expand_escapes.
- Retain screen output on improper exit, to better see any error
messages.
- Minor help update.
.
irssi (1.0.3-1) unstable; urgency=high
.
* New upstream pure bugfix release.
.
irssi (1.0.2-1+deb9u2) stretch; urgency=high
.
* Security related update pulling upstream 5e26325317 (closes: 867598):
- Fix null pointer dereference (CVE-2017-10965)
- Fix use-after-free condition for nicklist (CVE-2017-10966)
.
irssi (1.0.2-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix dcc_request where addr is NULL (CVE-2017-9468) (Closes: #864400)
* Fix oob read of one byte in get_file_params_count{,_resume}
(CVE-2017-9469) (Closes: #864400)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----