
Bug#1034441: marked as done (unblock: irssi/1.4.3-2)



Your message dated Sun, 16 Apr 2023 09:25:17 +0000
with message-id <E1pnydJ-001UkF-Nd@respighi.debian.org>
and subject line unblock irssi
has caused the Debian Bug report #1034441,
regarding unblock: irssi/1.4.3-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1034441: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034441
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package irssi

The update has just a one-line fix for CVE-2023-29132 applied.
See #1033785 about it.

[ Reason ]
Fixes a security issue.

[ Risks ]
It's one line that got removed, so the code change is trivial.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock irssi/1.4.3-2
-- 
If you feel discouraged, take courage at last, go |
If you feel helpless, go out and help, go         | Wir sind Helden
If you feel powerless, go out and act, go         | 23.55: Alles auf Anfang
If you feel adrift, find a hold and let go        |
diff -Nru irssi-1.4.3/debian/changelog irssi-1.4.3/debian/changelog
--- irssi-1.4.3/debian/changelog	2022-11-04 04:12:48.000000000 +0100
+++ irssi-1.4.3/debian/changelog	2023-04-14 10:25:21.000000000 +0200
@@ -1,3 +1,9 @@
+irssi (1.4.3-2) unstable; urgency=critical
+
+  * Pull commit c554a4 from upstream to fix CVE-2023-29132 (closes: #1033785)
+
+ -- Rhonda D'Vine <rhonda@debian.org>  Fri, 14 Apr 2023 10:25:21 +0200
+
 irssi (1.4.3-1) unstable; urgency=medium
 
   * New upstream release.
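Review bot: The new 1.4.3-2 entry identifies the fix only by the abbreviated commit id c554a4. Naming the patch file (04fix_stale_special_collector) and stating that the issue is a use after free, as the patch subject does, would let the changelog entry stand on its own without following the bug link.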
diff -Nru irssi-1.4.3/debian/patches/04fix_stale_special_collector irssi-1.4.3/debian/patches/04fix_stale_special_collector
--- irssi-1.4.3/debian/patches/04fix_stale_special_collector	1970-01-01 01:00:00.000000000 +0100
+++ irssi-1.4.3/debian/patches/04fix_stale_special_collector	2023-04-14 10:23:46.000000000 +0200
@@ -0,0 +1,20 @@
+From c554a45738712219c066897b09a44d99afeb4240 Mon Sep 17 00:00:00 2001
+From: Ailin Nemui <ailin@d5421s.localdomain>
+Date: Sun, 26 Mar 2023 23:36:41 +0200
+Subject: [PATCH] fix stale special collector use after free
+
+reported by ednash and investigated by @dwfreed
+---
+ src/fe-text/textbuffer-formats.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/src/fe-text/textbuffer-formats.c
++++ b/src/fe-text/textbuffer-formats.c
+@@ -213,7 +213,6 @@
+ 	if (!scrollback_format)
+ 		return;
+ 
+-	special_push_collector(NULL);
+ 	info = store_lineinfo_tmp(dest);
+ 
+ 	info->format = format_rec_new(NULL, NULL, 2, (const char *[]){ NULL, text });
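Review bot: With the special_push_collector(NULL); call dropped ahead of store_lineinfo_tmp(dest), the context shown here does not cover the rest of the function, so please confirm that no matching pop of the collector remains further down, since it would now be unbalanced. The patch header would also benefit from naming CVE-2023-29132 and Debian bug #1033785, which currently appear only in debian/changelog.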
diff -Nru irssi-1.4.3/debian/patches/series irssi-1.4.3/debian/patches/series
--- irssi-1.4.3/debian/patches/series	2022-07-16 21:12:10.000000000 +0200
+++ irssi-1.4.3/debian/patches/series	2023-04-14 10:23:24.000000000 +0200
@@ -1,6 +1,7 @@
 01chanmode_expando_strip
 02ctcp_version_reply
 03firsttimer_text
+04fix_stale_special_collector
 12manpage-fix
 ## disabled for now, Ubuntu-only patch.
 #20fix_ssl_proxy_hostname_check

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---
