irssi: security bump to version 1.0.7 - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2018-03-18 15:40:08 +0100
committer	Peter Korsgaard <peter@korsgaard.com>	2018-04-06 16:38:43 +0200
commit	dbfe123f104c028723d1eb1b5d8d2fdccf727eac (patch)
tree	11d16b8bc245fa1aefe90416732bea9ad6071458 /package/lua-datafile/lua-datafile.hash
parent	5b582bf191a759b83a95764b3b0acf6c1b2c28c8 (diff)
download	buildroot-dbfe123f104c028723d1eb1b5d8d2fdccf727eac.tar.gz buildroot-dbfe123f104c028723d1eb1b5d8d2fdccf727eac.zip

irssi: security bump to version 1.0.7

Fixes the following security issues: Use after free when server is disconnected during netsplits. Incomplete fix of CVE-2017-7191. Found by Joseph Bisch. (CWE-416, CWE-825) - CVE-2018-7054 [2] was assigned to this issue. Use after free when SASL messages are received in unexpected order. Found by Joseph Bisch. (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to this issue. Null pointer dereference when an “empty” nick has been observed by Irssi. Found by Joseph Bisch. (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned to this issue. When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference. Found by Joseph Bisch. (CWE-690) - CVE-2018-7052 [5] was assigned to this issue. Certain nick names could result in out of bounds access when printing theme strings. Found by Oss-Fuzz. (CWE-126) - CVE-2018-7051 [6] was assigned to this issue. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 181ef8a1d01ddfa2be0b59ea85eb8902b0ce12c0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/lua-datafile/lua-datafile.hash')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: