[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

irssi-plugin-silc unusable in Debian Lenny and embedded code copy


recently I've noticed that irssi-plugin-silc does not work with the
irssi in Lenny. The problem is that it segfaults when used with the
irssi version in Lenny. There is also a bug report for this on [1].
Because a group of people, which I'm part of, wanted to migrate from an
IRC channel to SILC we noticed this and investigated further.
The person who worked on this noticed that the source package of
irssi-plugin-silc uses an embedded code copy of irssi 0.8.11, which is
used to build the irssi plugin. Unfortunately the code where the
segfault appearently happens has been changed in more recent irssi
versions, so the segfault is... understandable.

So we basically have two problems, where one is one that the security
team should be aware of it (I don't know if they are, so I CC'ed you).

1. Segmentation faults when using irssi-plugin-silc in Lenny
(which basically makes it release _unsuitable_)

2. Code copy of irssi 0.8.11 in silc-client-1.1.4 source package
(apps/irssi) [relevant for sec. team]

Well, the patch is obvious. Fix the plugin to work against the version
in lenny. There has been some work done over in OpenBSD, one should look
at this [2] when fixing it.

Now remaining is the question: What should happen?
In my opinion the SILC team should either coordinate a fix with the
release team quickly or the package should be RM'd.

Best Regards,

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522080
[2] http://openports.se/net/irssi-silc

Attachment: signature.asc
Description: Digital signature

Reply to: