diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-07-08 16:34:33 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-07-08 20:32:19 +0200 |
| commit | 9bf78446888ed3b98d893e70ce4f5e4679fd2ebb (patch) | |
| tree | f60eaf3d6f29cbce17edfa1a1290d0c65658e185 /package/irssi/irssi.mk | |
| parent | bdca0d05816fec8472b1d32301f55df152b86466 (diff) | |
| download | buildroot-9bf78446888ed3b98d893e70ce4f5e4679fd2ebb.tar.gz buildroot-9bf78446888ed3b98d893e70ce4f5e4679fd2ebb.zip | |
irssi: security bump to version 1.0.4
>From the advisory:
https://irssi.org/security/irssi_sa_2017_07.txt
Two vulnerabilities have been located in Irssi.
(a) When receiving messages with invalid time stamps, Irssi would try
to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
of Geeknik Labs. (CWE-690)
CVE-2017-10965 [2] was assigned to this bug
(b) While updating the internal nick list, Irssi may incorrectly use
the GHashTable interface and free the nick while updating it. This
will then result in use-after-free conditions on each access of
the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
Labs. (CWE-416 caused by CWE-227)
CVE-2017-10966 [3] was assigned to this bug
Impact
------
(a) May result in denial of service (remote crash).
(b) Undefined behaviour.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/irssi/irssi.mk')
| -rw-r--r-- | package/irssi/irssi.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/irssi/irssi.mk b/package/irssi/irssi.mk index ef9d0aafbd..d2b8169479 100644 --- a/package/irssi/irssi.mk +++ b/package/irssi/irssi.mk @@ -4,7 +4,7 @@ # ################################################################################ -IRSSI_VERSION = 1.0.3 +IRSSI_VERSION = 1.0.4 IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz # Do not use the github helper here. The generated tarball is *NOT* the # same as the one uploaded by upstream for the release. |
