
irssi update for lenny



	Hi!

 Please find attached a proposed update for irssi in lenny to fix
CVE-2009-1959. It's too minor an issue to warrant a DSA, so I have to go
this path.

 I chose this versioning because the next version after 0.8.12-6 was a
new upstream version so there is no need to special release-mangle the
version string.

 Thanks for double-checking, can do the upload any moment, build is
ready.

 So long!
Rhonda
diff -u irssi-0.8.12/debian/changelog irssi-0.8.12/debian/changelog
--- irssi-0.8.12/debian/changelog
+++ irssi-0.8.12/debian/changelog
@@ -1,3 +1,10 @@
+irssi (0.8.12-7) unstable; urgency=medium
+
+  * Fetch patch wallops-fix to fix CVE-2009-1959 off-by-one in event_wallops
+    (closes: #531357)
+
+ -- Gerfried Fuchs <rhonda@debian.at>  Fri, 19 Jun 2009 10:35:10 +0200
+
 irssi (0.8.12-6) unstable; urgency=low
 
   * New patch:
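Review bot: The distribution field on the new `irssi (0.8.12-7)` line reads `unstable`, while the mail proposes this upload for lenny; as written the entry does not target the stable release, so the field should name the stable suite the upload is meant for. The entry also calls the bug an "off-by-one" while the header of 16wallops-fix describes an "out of bounds access"; using one wording in both places makes the changelog easier to match against the patch and the CVE.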
diff -u irssi-0.8.12/debian/patches/series irssi-0.8.12/debian/patches/series
--- irssi-0.8.12/debian/patches/series
+++ irssi-0.8.12/debian/patches/series
@@ -16,0 +17 @@
+16wallops-fix
only in patch2:
unchanged:
--- irssi-0.8.12.orig/debian/patches/16wallops-fix
+++ irssi-0.8.12/debian/patches/16wallops-fix
@@ -0,0 +1,17 @@
+Author: Jilles Tjoelker <jilles>	vim:ft=diff:
+Description: Fix out of bounds access in event_wallops().
+    (Upstream r5068, Upstream Bug #662, BTS #531357)
+
+Index: irssi-0.8.12/src/fe-common/irc/fe-events.c
+===================================================================
+--- irssi-0.8.12.orig/src/fe-common/irc/fe-events.c
++++ irssi-0.8.12/src/fe-common/irc/fe-events.c
+@@ -278,7 +278,7 @@ static void event_wallops(IRC_SERVER_REC
+ 
+ 		tmp = g_strdup(data+8);
+ 		len = strlen(tmp);
+-		if (tmp[len-1] == 1) tmp[len-1] = '\0';
++		if (len >= 1 && tmp[len-1] == 1) tmp[len-1] = '\0';
+ 		printformat(server, NULL, MSGLEVEL_WALLOPS, IRCTXT_ACTION_WALLOPS, nick, tmp);
+ 		g_free(tmp);
+ 	}
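Review bot: The Description in the 16wallops-fix header does not say which input triggers the out-of-bounds access, and the inner `event_wallops` hunk compares against an unexplained literal `1`. From the visible lines, the trigger is an empty string at `data+8`: `len` is then 0, so the old `tmp[len-1]` reads the byte before the `g_strdup` allocation and, if that byte happens to equal 1, writes `'\0'` there as well. The added `len >= 1` guard covers that case. Stating the trigger in the Description and adding a short comment on what the trailing `1` byte represents would let a later reader verify the fix without opening the upstream bug. The `Author:` line also carries a truncated address (`<jilles>`) and a vim modeline on the same line; moving the modeline to its own line keeps the header parseable.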
