--- Begin Message ---
Package: release.debian.org
Severity: high
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi!
irssi got some security-related updates, and I prepared an update. I'm
sending the debdiff for it; it should be pretty straightforward, as it's
mostly the upstream commit fixing the security issues in a patch file,
and I'm going to upload it now so it makes it in time for the point
release. If anything more is needed please let me know and I can try to
fix that ASAP.
Enjoy,
Rhonda
--
Fühlst du dich mutlos, fass endlich Mut, los |
Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los |
diff -u irssi-0.8.17/debian/changelog irssi-0.8.17/debian/changelog
--- irssi-0.8.17/debian/changelog
+++ irssi-0.8.17/debian/changelog
@@ -1,3 +1,15 @@
+irssi (0.8.17-1+deb8u3) jessie; urgency=low
+
+ * New patch 24security-fixes pulled from upstream commit 6c6c42e3d1b4
+ (besides the one issue in src/fe-text/term-terminfo.c which is 0.8.18
+ onward only), closes: #850403:
+ - CVE-2017-5193: NULL pointer dereference in the nickcmp function
+ - CVE-2017-5194: Use-after-freee when receiving invalid nick message
+ - CVE-2017-5195: Out-of-bounds read in certain incomplete control codes
+ * Set PACKAGE_VERSION for configure as suggested by upstream.
+
+ -- Rhonda D'Vine <rhonda@debian.org> Sat, 07 Jan 2017 15:54:02 +0100
+
irssi (0.8.17-1+deb8u2) jessie; urgency=high
* New patch 23fix-buf.pl to fix an information exposure issue involved with
diff -u irssi-0.8.17/debian/patches/series irssi-0.8.17/debian/patches/series
--- irssi-0.8.17/debian/patches/series
+++ irssi-0.8.17/debian/patches/series
@@ -10,0 +11 @@
+24security-fixes
diff -u irssi-0.8.17/debian/rules irssi-0.8.17/debian/rules
--- irssi-0.8.17/debian/rules
+++ irssi-0.8.17/debian/rules
@@ -42,6 +42,8 @@
--enable-ipv6 --with-bot --with-proxy --enable-true-color \
--with-perl-lib=vendor
+VERSION = $(shell dpkg-parsechangelog | grep "^Version:" | cut -d" " -f2)
+
# enable DANE only on linux, libval doesn't compile on kfreebsd (yet)
ifneq (,$(findstring linux,$(DEB_HOST_ARCH_OS)))
CONFIGURE_SWITCHES += --enable-dane
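Review bot: `VERSION = $(shell …)` is a recursively expanded variable, so the dpkg-parsechangelog pipeline is re-run at every expansion. `VERSION := $(shell dpkg-parsechangelog -S Version)` evaluates once and drops the grep/cut parsing, provided the dpkg in the target release supports `-S`. The value is then passed unquoted as `PACKAGE_VERSION=$(VERSION)` on the configure line in the next hunk; writing `PACKAGE_VERSION="$(VERSION)"` there keeps an empty or unexpected version string from altering the configure argument list. A one-line comment above the assignment, stating that the override was suggested by upstream (presumably so the patched build reports its full Debian revision), would record why it exists.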
@@ -51,7 +53,7 @@
dh_testdir
# Add here commands to configure the package.
dh_autotools-dev_updateconfig
- CFLAGS="$(CFLAGS)" ./configure $(CONFIGURE_SWITCHES)
+ CFLAGS="$(CFLAGS)" ./configure $(CONFIGURE_SWITCHES) PACKAGE_VERSION=$(VERSION)
build: build-arch build-indep
only in patch2:
unchanged:
--- irssi-0.8.17.orig/debian/patches/24security-fixes
+++ irssi-0.8.17/debian/patches/24security-fixes
@@ -0,0 +1,79 @@
+Author: ailin-nemui vim:ft=diff:
+Description: CVE-2017-5193 CVE-2017-5194 CVE-2017-5195
+ Upstream commit 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ besides the fix for CVE-2017-5196 which is for 0.8.18 onward
+
+
+--- a/src/fe-common/core/formats.c
++++ b/src/fe-common/core/formats.c
+@@ -68,7 +68,7 @@ static void format_expand_code(const cha
+
+ if (flags == NULL) {
+ /* flags are being ignored - skip the code */
+- while (**format != ']')
++ while (**format != ']' && **format != '\0')
+ (*format)++;
+ return;
+ }
+@@ -246,6 +246,10 @@ int format_expand_styles(GString *out, c
+ case '[':
+ /* code */
+ format_expand_code(format, out, flags);
++ if ((*format)[0] == '\0')
++ /* oops, reached end prematurely */
++ (*format)--;
++
+ break;
+ case 'x':
+ case 'X':
+@@ -969,6 +973,7 @@ static const char *get_ansi_color(THEME_
+ str++;
+ for (num2 = 0; i_isdigit(*str); str++)
+ num2 = num2*10 + (*str-'0');
++ if (*str == '\0') return start;
+
+ switch (num2) {
+ case 2:
+@@ -986,6 +991,8 @@ static const char *get_ansi_color(THEME_
+ for (; i_isdigit(*str); str++)
+ num2 = (num2&~0xff) |
+ (((num2&0xff) * 10 + (*str-'0'))&0xff);
++
++ if (*str == '\0') return start;
+ }
+
+ if (i == -1) break;
+@@ -1014,6 +1021,7 @@ static const char *get_ansi_color(THEME_
+ str++;
+ for (num2 = 0; i_isdigit(*str); str++)
+ num2 = num2*10 + (*str-'0');
++ if (*str == '\0') return start;
+
+ if (num == 38) {
+ flags &= ~GUI_PRINT_FLAG_COLOR_24_FG;
+--- a/src/irc/core/irc-nicklist.c
++++ b/src/irc/core/irc-nicklist.c
+@@ -338,7 +338,11 @@ static void event_whois_ircop(SERVER_REC
+ static void event_nick_invalid(IRC_SERVER_REC *server, const char *data)
+ {
+ if (!server->connected)
+- server_disconnect((SERVER_REC *) server);
++ /* we used to call server_disconnect but that crashes
++ irssi because of undefined memory access. instead,
++ indicate that the connection should be dropped and
++ let the irc method to the clean-up. */
++ server->connection_lost = server->no_reconnect = TRUE;
+ }
+
+ static void event_nick_in_use(IRC_SERVER_REC *server, const char *data)
+--- a/src/irc/core/irc-queries.c
++++ b/src/irc/core/irc-queries.c
+@@ -45,6 +45,8 @@ QUERY_REC *irc_query_find(IRC_SERVER_REC
+ {
+ GSList *tmp;
+
++ g_return_val_if_fail(nick != NULL, NULL);
++
+ for (tmp = server->queries; tmp != NULL; tmp = tmp->next) {
+ QUERY_REC *rec = tmp->data;
+
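Review bot: In the embedded irc-queries.c hunk, the guard added for the NULL nick is `g_return_val_if_fail(nick != NULL, NULL);`, which GLib compiles out when G_DISABLE_CHECKS is defined. It also logs a critical, which is fatal under G_DEBUG=fatal-criticals, on a condition that a remote server can apparently trigger. An explicit `if (nick == NULL) return NULL;` would keep the check in every build and treat a missing nick as an ordinary not-found result. The changelog attributes CVE-2017-5193 to nickcmp, so other callers that reach it with a server-supplied nick may need the same guard. That cannot be confirmed here, because the body of irc_query_find continues past the last visible line.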
--- End Message ---