Hi!

Please find attached a proposed update for irssi in lenny to fix CVE-2009-1959. It's too minor an issue to warrant a DSA, so I have to go this path. I chose this versioning because the next version after 0.8.12-6 was a new upstream version, so there is no need to special release-mangle the version string.

Thanks for double-checking, can do the upload any moment, build is ready.

So long!
Rhonda
diff -u irssi-0.8.12/debian/changelog irssi-0.8.12/debian/changelog --- irssi-0.8.12/debian/changelog +++ irssi-0.8.12/debian/changelog @@ -1,3 +1,10 @@ +irssi (0.8.12-7) unstable; urgency=medium + + * Fetch patch wallops-fix to fix CVE-2009-1959 off-by-one in event_wallops + (closes: #531357) + + -- Gerfried Fuchs <rhonda@debian.at> Fri, 19 Jun 2009 10:35:10 +0200 + irssi (0.8.12-6) unstable; urgency=low * New patch: diff -u irssi-0.8.12/debian/patches/series irssi-0.8.12/debian/patches/series --- irssi-0.8.12/debian/patches/series +++ irssi-0.8.12/debian/patches/series @@ -16,0 +17 @@ +16wallops-fix only in patch2: unchanged: --- irssi-0.8.12.orig/debian/patches/16wallops-fix +++ irssi-0.8.12/debian/patches/16wallops-fix @@ -0,0 +1,17 @@ +Author: Jilles Tjoelker <jilles> vim:ft=diff: +Description: Fix out of bounds access in event_wallops(). + (Upstream r5068, Upstream Bug #662, BTS #531357) + +Index: irssi-0.8.12/src/fe-common/irc/fe-events.c +=================================================================== +--- irssi-0.8.12.orig/src/fe-common/irc/fe-events.c ++++ irssi-0.8.12/src/fe-common/irc/fe-events.c +@@ -278,7 +278,7 @@ static void event_wallops(IRC_SERVER_REC + + tmp = g_strdup(data+8); + len = strlen(tmp); +- if (tmp[len-1] == 1) tmp[len-1] = '\0'; ++ if (len >= 1 && tmp[len-1] == 1) tmp[len-1] = '\0'; + printformat(server, NULL, MSGLEVEL_WALLOPS, IRCTXT_ACTION_WALLOPS, nick, tmp); + g_free(tmp); + }
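Review bot: The new debian/changelog entry for 0.8.12-7 names "unstable" as the distribution, while the mail describes this as an update for irssi in lenny. If the upload is meant for the stable release, the first line of the entry should name that suite instead of "unstable", for example "irssi (0.8.12-7) stable; urgency=medium". The entry text says "Fetch patch wallops-fix", but the file added to debian/patches/series is 16wallops-fix; using the same name in both places makes the changelog easier to match to the patch.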
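Review bot: In the event_wallops hunk of 16wallops-fix, the context line "tmp = g_strdup(data+8);" depends on data being at least 8 bytes long, and that check is not in the visible lines, so confirm in the full function that it happens before this point. The added "len >= 1" guard itself covers the case where the text after that prefix is empty, where tmp[len-1] would read the byte before the allocated buffer. As a readability point for upstream rather than this backport, comparing against '\001' instead of the bare 1 would make it clearer that the trailing byte being stripped is the CTCP delimiter.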