Accepted irssi 1.0.7-1~deb9u1~bpo8+1 (source amd64) into jessie-backports->backports-policy, jessie-backports



Format: 1.8
Date: Tue, 17 Apr 2018 14:51:31 +0200
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.7-1~deb9u1~bpo8+1
Distribution: jessie-backports
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Rhonda D'Vine <rhonda@debian.org>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 864400 867598 879521 886475 890674 890675 890676 890677 890678
Changes:
 irssi (1.0.7-1~deb9u1~bpo8+1) jessie-backports; urgency=medium
 .
   * Rebuild for jessie-backports.
 .
 irssi (1.0.7-1~deb9u1) stretch-security; urgency=high
 .
   * Security update using upstream version 1.0.7. See changelog entries of
     1.0.7-1 and 1.0.5-1 for the CVE lists.
   * Remove pulled patches that were put on top of 1.0.2.
   * Lower debhelper compat to 10.
 .
 irssi (1.0.7-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #886475):
     From 1.0.6:
     - Fix invalid memory access when reading hilight configuration
       (#787, #788).
     - Fix null pointer dereference when the channel topic is set
       without specifying a sender [CVE-2018-5206]
     - Fix return of random memory when using incomplete escape
       codes [CVE-2018-5205]
     - Fix heap buffer overflow when completing certain strings
       [CVE-2018-5208]
     - Fix return of random memory when using an incomplete
       variable argument [CVE-2018-5207]
 .
     From 1.0.7:
     - Prevent use after free error during the execution of some
       commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
     - Revert netsplit print optimisation due to crashes
     - Fix use after free when SASL messages are received in
       unexpected order [CVE-2018-7053] (closes: #890675)
     - Fix null pointer dereference in the tab completion when an
       empty nick is joined [CVE-2018-7050] (closes: #890678)
     - Fix use after free when entering oper password
     - Fix null pointer dereference when too many windows are
       opened [CVE-2018-7052] (closes: #890676)
     - Fix out of bounds access in theme strings when the last
       escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
       (closes: #890677)
     - Fix out of bounds write when using negative counts on window
       resize
     - Minor help correction. By William Jackson
 .
   * Fix watch URL.
   * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
   * Bump Standards-Version to 4.1.3.
   * Add lintian overrides for the spelling of "hilight" in the changelog
     mentioning the lintian overrides for the spelling of "hilight" in irssi
     itself.
 .
 irssi (1.0.5-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #879521):
     - Fix missing -sasl_method '' in /NETWORK.
     - Fix incorrect restoration of term state when hitting SUSP
       inside screen.
     - Fix out of bounds read when compressing colour
       sequences. Found by Hanno Böck. [CVE-2017-15228]
     - Fix use after free condition during a race condition when
       waiting on channel sync during a rejoin [CVE-2017-15227]
     - Fix null pointer dereference when parsing certain malformed
       CTCP DCC messages. [CVE-2017-15721]
     - Fix crash due to null pointer dereference when failing to
       split messages due to overlong nick or target. [CVE-2017-15723]
     - Fix out of bounds read when trying to skip a safe channel ID
       without verifying that the ID is long enough. [CVE-2017-15722]
     - Fix return of random memory when inet_ntop failed.
     - Minor statusbar help update.
   * Remove deprecated --with autotools_dev call to dh.
   * Bump Standards-Version to 4.1.1.
   * Change priority of irssi-dev from deprecated extra to optional.
   * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
     directly.
 .
 irssi (1.0.4-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #867598):
     - Fix null pointer dereference when parsing invalid timestamp.
       Reported by Brian 'geeknik' Carpenter. [CVE-2017-10965]
     - Fix use-after-free condition when removing nicks from the internal
       nicklist. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10966]
     - Fix incorrect string comparison in DCC file names.
     - Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'".
     - Fix a bug when using \n to separate lines with expand_escapes.
     - Retain screen output on improper exit, to better see any error
       messages.
     - Minor help update.
 .
 irssi (1.0.3-1) unstable; urgency=high
 .
   * New upstream pure bugfix release.
 .
 irssi (1.0.2-1+deb9u2) stretch; urgency=high
 .
   * Security related update pulling upstream 5e26325317 (closes: 867598):
     - Fix null pointer dereference (CVE-2017-10965)
     - Fix use-after-free condition for nicklist (CVE-2017-10966)
 .
 irssi (1.0.2-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix dcc_request where addr is NULL (CVE-2017-9468) (Closes: #864400)
   * Fix oob read of one byte in get_file_params_count{,_resume}
     (CVE-2017-9469) (Closes: #864400)
Checksums-Sha1:
 80cb4481366bcf561adf22517683deb7f6ae3b80 1955 irssi_1.0.7-1~deb9u1~bpo8+1.dsc
 0524e5f2d465e3b04a0227dac648a26e5c6d8286 1034188 irssi_1.0.7.orig.tar.xz
 446d714c8db0e8758f3f6abacfc49e0f28a53d40 20916 irssi_1.0.7-1~deb9u1~bpo8+1.debian.tar.xz
 76dff8ca93e95c3c9bc77d39eb63f8c598a5bef7 1084162 irssi_1.0.7-1~deb9u1~bpo8+1_amd64.deb
 45d17e9622ec7d54333d3cc07242967353471015 455898 irssi-dev_1.0.7-1~deb9u1~bpo8+1_amd64.deb
Checksums-Sha256:
 c52b2fb9c9beec4f88f77a0db9f058b1380fa3833f5d57f914fc7c5d3313db0d 1955 irssi_1.0.7-1~deb9u1~bpo8+1.dsc
 1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac 1034188 irssi_1.0.7.orig.tar.xz
 140a1041052c27470dc778f315b5a3a1ec48d52ba0dd0ad59147fd1f88b501a5 20916 irssi_1.0.7-1~deb9u1~bpo8+1.debian.tar.xz
 9dce61f57d1cd5cb3a3e5e48579578cca036f5614c4d5d8d87c87bace678e7e4 1084162 irssi_1.0.7-1~deb9u1~bpo8+1_amd64.deb
 3dadc0d2e94a9ce44ae0e3c74d85c2d99ab442212414b895920dac6d6172cbf4 455898 irssi-dev_1.0.7-1~deb9u1~bpo8+1_amd64.deb
Files:
 0a2a8c6d461c96388ec28668b2cc2193 1955 net optional irssi_1.0.7-1~deb9u1~bpo8+1.dsc
 6ebf07a03b58f7af1296cd8fdbb3619f 1034188 net optional irssi_1.0.7.orig.tar.xz
 f1fbdcc1fc8d1ed343648fa4bb05c19c 20916 net optional irssi_1.0.7-1~deb9u1~bpo8+1.debian.tar.xz
 e072b06f431973bd94120ab41380ed8e 1084162 net optional irssi_1.0.7-1~deb9u1~bpo8+1_amd64.deb
 620d4cf7f250d9e7ad2b54390cc1014e 455898 net optional irssi-dev_1.0.7-1~deb9u1~bpo8+1_amd64.deb
