Accepted irssi 1.0.7-1~deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates
Format: 1.8
Date: Tue, 27 Mar 2018 10:22:28 +0200
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.7-1~deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Rhonda D'Vine <rhonda@debian.org>
Description:
 irssi - terminal based IRC client
 irssi-dev - terminal based IRC client - development files
Closes: 879521 886475 890674 890675 890676 890677 890678
Changes:
 irssi (1.0.7-1~deb9u1) stretch-security; urgency=high
 .
   * Security update using upstream version 1.0.7. See changelog entries of
     1.0.7-1 and 1.0.5-1 for the CVE lists.
   * Remove pulled patches that were put on top of 1.0.2.
   * Lower debhelper compat to 10.
 .
 irssi (1.0.7-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #886475):
     From 1.0.6:
     - Fix invalid memory access when reading hilight configuration
       (#787, #788).
     - Fix null pointer dereference when the channel topic is set
       without specifying a sender [CVE-2018-5206]
     - Fix return of random memory when using incomplete escape
       codes [CVE-2018-5205]
     - Fix heap buffer overflow when completing certain strings
       [CVE-2018-5208]
     - Fix return of random memory when using an incomplete
       variable argument [CVE-2018-5207]
 .
     From 1.0.7:
     - Prevent use after free error during the execution of some
       commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
     - Revert netsplit print optimisation due to crashes
     - Fix use after free when SASL messages are received in
       unexpected order [CVE-2018-7053] (closes: #890675)
     - Fix null pointer dereference in the tab completion when an
       empty nick is joined [CVE-2018-7050] (closes: #890678)
     - Fix use after free when entering oper password
     - Fix null pointer dereference when too many windows are
       opened [CVE-2018-7052] (closes: #890676)
     - Fix out of bounds access in theme strings when the last
       escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
       (closes: #890677)
     - Fix out of bounds write when using negative counts on window
       resize
     - Minor help correction. By William Jackson
 .
   * Fix watch URL.
   * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
   * Bump Standards-Version to 4.1.3.
   * Add lintian overrides for the spelling of "hilight" in the changelog
     mentioning the lintian overrides for the spelling of "hilight" in irssi
     itself.
 .
 irssi (1.0.5-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #879521):
     - Fix missing -sasl_method '' in /NETWORK.
     - Fix incorrect restoration of term state when hitting SUSP
       inside screen.
     - Fix out of bounds read when compressing colour
       sequences. Found by Hanno Böck. [CVE-2017-15228]
     - Fix use after free condition during a race condition when
       waiting on channel sync during a rejoin [CVE-2017-15227]
     - Fix null pointer dereference when parsing certain malformed
       CTCP DCC messages. [CVE-2017-15721]
     - Fix crash due to null pointer dereference when failing to
       split messages due to overlong nick or target. [CVE-2017-15723]
     - Fix out of bounds read when trying to skip a safe channel ID
       without verifying that the ID is long enough. [CVE-2017-15722]
     - Fix return of random memory when inet_ntop failed.
     - Minor statusbar help update.
   * Remove deprecated --with autotools_dev call to dh.
   * Bump Standards-Version to 4.1.1.
   * Change priority of irssi-dev from deprecated extra to optional.
   * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
     directly.