Re: [SECURITY] [DSA 4016-1] irssi security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 4016-1] irssi security update
From: Kurt Roeckx <kurt@roeckx.be>
Date: Fri, 3 Nov 2017 21:07:52 +0100
Message-id: <[🔎] 20171103200752.mynjlkjzxrw2ccez@roeckx.be>
In-reply-to: <E1eAi06-0003CX-Vl@seger.debian.org>
References: <E1eAi06-0003CX-Vl@seger.debian.org>

On Fri, Nov 03, 2017 at 07:51:34PM +0000, Salvatore Bonaccorso wrote:
> CVE-2017-15721
> 
>     Joseph Bisch discovered that Irssi does not properly handle
>     incorrectly formatted DCC CTCP messages. A malicious IRC server can
>     take advantage of this flaw to cause Irssi to crash, resulting in a
>     denial of service.

Since DCC stands for Direct Client to Client, the IRC server is
not involved and it can probably be triggered by an other user.


Kurt

Reply to:

Prev by Date: Re: Unsuscribe
Next by Date: make-pgp-clean-room suggestions / patches
Previous by thread: Re: Unsuscribe
Next by thread: make-pgp-clean-room suggestions / patches
Index(es):
- Date
- Thread