[SECURITY] [DSA 3885-1] irssi security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3885-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 18, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : irssi
CVE ID : CVE-2017-9468 CVE-2017-9469
Debian Bug : 864400
Multiple vulnerabilities have been discovered in Irssi, a terminal based
IRC client. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2017-9468
Joseph Bisch discovered that Irssi does not properly handle DCC
messages without source nick/host. A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.
CVE-2017-9469
Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files. A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.
For the oldstable distribution (jessie), these problems have been fixed
in version 0.8.17-1+deb8u4.
For the stable distribution (stretch), these problems have been fixed in
version 1.0.2-1+deb9u1.
For the unstable distribution (sid), these problems have been fixed in
version 1.0.3-1.
We recommend that you upgrade your irssi packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllGM+tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Rm2w/9GMVypsFaddIvAkbI+99U7HW4ktTmym8QxKCNasjPDh5QtM/HmMxTGat7
o2x9B93N8/JNebCRhDbYdjT8OodPhlLDfgUM1uwA0oUiVbpRnlgYQlg1wPm2JXJW
Uiq9MMIJjVXQqKZiJCTy/Ux0ygWnWqmbdSUh7UslGexHmUB/uQd8Fth2MoYKNfi0
+VI2IwJjXdX6Z3CA0E8clegO0j/0Db4Bcvm+lvf2nwQ/5oDwAbdtFN4paHi1zfiE
a0ksJM/VJh9l0mhAiGrt0FNQ59so+ME6Sha3f6/2GnIpIoDWrSCVceQBBoGJZlas
PqP8KqSH/4wb9bDAfjWoHLOZwup6Sv2lYoAGSlhAuKzgXWJFj8iOgo7Blsn8Drrc
k3y/st68qSZwzNOYPOB3VKY3YbvLfkZWg2XaD3t4F/+0errgszsWKVyIjBWkW2Cj
s3ICBUp8eiYAb2Aud0uAIRcPcy/x/O7JkgYCzeaXsHzxD6sPKoW/4OWGlrryyI/e
fKAVteoa+K1nk3tBc1Jaj4lxHSh01tUsCQc5csEtDQiPT/gwTsW3sQaipOSoEFTH
VjI/9GNAGcarAZ8rhpOtgXbk5pl9na7/OL7Ne4RCQsEDoqBSluzJ/ggGK+8RmWOX
rda2/2ZMwk+ic5UBb6DQh+fw4ZOl5iIYfTTyzNvBtxl/AM0Nfu4=
=Bd44
-----END PGP SIGNATURE-----
Reply to: