Bug#870659: pu: package irssi/1.0.2-1+deb9u2
* Adam D. Barratt <adam@adam-barratt.org.uk> [2017-08-03 23:34:18 CEST]:
> Control: tags -1 + stretch moreinfo
>
> On Thu, 2017-08-03 at 22:13 +0200, Rhonda D'Vine wrote:
> > for fixing #867598 in stable I prepared a 1.0.2-1+deb9u2 update for
> > irssi. Please find the debdiff attached.
>
> Apparently not. :)
Darn. I really need more caffein, but people won't bring it to me in
the Garden. :)
Find it attached this time, for sure.
Rhonda
--
Fühlst du dich mutlos, fass endlich Mut, los |
Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los |
diff -Nru irssi-1.0.2/debian/changelog irssi-1.0.2/debian/changelog
--- irssi-1.0.2/debian/changelog 2017-06-17 09:21:44.000000000 -0400
+++ irssi-1.0.2/debian/changelog 2017-08-03 15:59:51.000000000 -0400
@@ -1,3 +1,11 @@
+irssi (1.0.2-1+deb9u2) stretch; urgency=high
+
+ * Security related update pulling upstream 5e26325317 (closes: 867598):
+ - Fix null pointer dereference (CVE-2017-10965)
+ - Fix use-after-free condition for nicklist (CVE-2017-10966)
+
+ -- Rhonda D'Vine <rhonda@debian.org> Thu, 03 Aug 2017 15:59:51 -0400
+
irssi (1.0.2-1+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru irssi-1.0.2/debian/patches/28Fix-use-after-free-and-null-pointer-dereference.patch irssi-1.0.2/debian/patches/28Fix-use-after-free-and-null-pointer-dereference.patch
--- irssi-1.0.2/debian/patches/28Fix-use-after-free-and-null-pointer-dereference.patch 1969-12-31 19:00:00.000000000 -0500
+++ irssi-1.0.2/debian/patches/28Fix-use-after-free-and-null-pointer-dereference.patch 2017-08-03 15:59:51.000000000 -0400
@@ -0,0 +1,72 @@
+From 29ebac987da1da2c892aed5ed329256b7bc94bca Mon Sep 17 00:00:00 2001
+From: Nei <ailin.nemui@gmail.com>
+Date: Thu, 29 Jun 2017 13:48:44 +0000
+Subject: [PATCH 1/2] Check return value of localtime
+
+Fixes #10
+---
+ src/core/misc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/core/misc.c b/src/core/misc.c
+index ce49925b1..0b2d8e776 100644
+--- a/src/core/misc.c
++++ b/src/core/misc.c
+@@ -560,6 +560,9 @@ char *my_asctime(time_t t)
+ int len;
+
+ tm = localtime(&t);
++ if (tm == NULL)
++ return g_strdup("???");
++
+ str = g_strdup(asctime(tm));
+
+ len = strlen(str);
+
+From 73b851c39c11d01199e6c040749fb20e468f6c8d Mon Sep 17 00:00:00 2001
+From: ailin-nemui <ailin-nemui@users.noreply.github.com>
+Date: Tue, 4 Jul 2017 16:10:55 +0200
+Subject: [PATCH 2/2] correct GHashTable usage
+
+---
+ src/core/nicklist.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/src/core/nicklist.c b/src/core/nicklist.c
+index 54dfb5fb2..0bc88ab8d 100644
+--- a/src/core/nicklist.c
++++ b/src/core/nicklist.c
+@@ -54,23 +54,26 @@ static void nick_hash_add(CHANNEL_REC *channel, NICK_REC *nick)
+
+ static void nick_hash_remove(CHANNEL_REC *channel, NICK_REC *nick)
+ {
+- NICK_REC *list;
++ NICK_REC *list, *newlist;
+
+ list = g_hash_table_lookup(channel->nicks, nick->nick);
+ if (list == NULL)
+ return;
+
+- if (list == nick || list->next == NULL) {
+- g_hash_table_remove(channel->nicks, nick->nick);
+- if (list->next != NULL) {
+- g_hash_table_insert(channel->nicks, nick->next->nick,
+- nick->next);
+- }
++ if (list == nick) {
++ newlist = nick->next;
+ } else {
++ newlist = list;
+ while (list->next != nick)
+ list = list->next;
+ list->next = nick->next;
+ }
++
++ g_hash_table_remove(channel->nicks, nick->nick);
++ if (newlist != NULL) {
++ g_hash_table_insert(channel->nicks, newlist->nick,
++ newlist);
++ }
+ }
+
+ /* Add new nick to list */
diff -Nru irssi-1.0.2/debian/patches/series irssi-1.0.2/debian/patches/series
--- irssi-1.0.2/debian/patches/series 2017-06-17 09:21:44.000000000 -0400
+++ irssi-1.0.2/debian/patches/series 2017-08-03 15:59:51.000000000 -0400
@@ -10,3 +10,4 @@
25tls-ssl-compat-defines
26Fix-dcc_request-where-addr-is-NULL.patch
27Fix-oob-read-of-one-byte-in-get_file_params_count-_r.patch
+28Fix-use-after-free-and-null-pointer-dereference.patch
Reply to: