Ubuntu
weechat package

CVE-2017-8073 weechat remote crash

Bug #1686478 reported by Jeremy Bícha
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
weechat (Debian)
Fix Released
Unknown
weechat (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC tot he IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.

Fixed in Debian
---------------
weechat (1.7-3) unstable; urgency=medium
 .
  * Add a patch to fix CVE-2017-8073 which allows a remote crash by
    sending a filename via DCC to the IRC plugin (Closes: #861121)

That version was synced to Ubuntu 17.10 Alpha "artful"

References
----------
https://security-tracker.debian.org/tracker/CVE-2017-8073
https://weechat.org/download/security/ (all other listed security bugs already fixed in 14.04 LTS and newer)

https://github.com/weechat/weechat/commit/2fb346f25f79

Testing Done
------------
None

See original description

CVE References

Jeremy Bícha (jbicha)
description: updated
information type: Public → Public Security
Revision history for this message
Jeremy Bícha (jbicha) wrote :

I used simple version numbers after checking the Ubuntu publishing history. I hope that's not a problem.

Changed in weechat (Ubuntu):
status: New → Confirmed
Revision history for this message
Jeremy Bícha (jbicha) wrote :
Revision history for this message
Jeremy Bícha (jbicha) wrote :
Revision history for this message
Jeremy Bícha (jbicha) wrote :
tags: added: patch
Bug Watch Updater (bug-watch-updater)
Changed in weechat (Debian):
status: Unknown → Fix Released
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Hi Jeremy, thanks for the debdiffs. I changed the ...ubuntu1 to ...ubuntu0.1 version numbers, but if the builds succeed and pass sanity checks, I'll publish them tomorrow.

Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package weechat - 1.7-2ubuntu0.1

---------------
weechat (1.7-2ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: remote buffer overflow crash by sending a filename
    via DCC to the IRC plugin (LP: #1686478)
    - debian/patches/03_fix_CVE-2017-8073.patch: Fix quote removal in
      irc_ctcp_dcc_filename_without_quotes function in
      src/plugins/irc/irc-ctcp.c. Patch from 1.7.1 via Debian.
    - CVE-2017-8073

 -- Jeremy Bicha <email address hidden> Wed, 26 Apr 2017 14:10:49 -0400

Changed in weechat (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package weechat - 1.5-1ubuntu0.1

---------------
weechat (1.5-1ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: remote buffer overflow crash by sending a filename
    via DCC to the IRC plugin (LP: #1686478)
    - debian/patches/03_fix_CVE-2017-8073.patch: Fix quote removal in
      irc_ctcp_dcc_filename_without_quotes function in
      src/plugins/irc/irc-ctcp.c. Patch from 1.7.1 via Debian.
    - CVE-2017-8073

 -- Jeremy Bicha <email address hidden> Wed, 26 Apr 2017 14:10:49 -0400

Changed in weechat (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package weechat - 0.4.2-3ubuntu0.1

---------------
weechat (0.4.2-3ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: remote buffer overflow crash by sending a filename
    via DCC to the IRC plugin (LP: #1686478)
    - debian/patches/03_fix_CVE-2017-8073.patch: Fix quote removal in
      irc_ctcp_dcc_filename_without_quotes function in
      src/plugins/irc/irc-ctcp.c. Patch from 1.7.1 via Debian.
    - CVE-2017-8073

 -- Jeremy Bicha <email address hidden> Wed, 26 Apr 2017 14:10:49 -0400

Changed in weechat (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Seth Arnold (seth-arnold) wrote :

I'm not sure where the launchpad comment went for the xenial upload but that appears to have published as expected https://launchpad.net/ubuntu/+source/weechat/1.4-2ubuntu0.1

Thanks Jeremy

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.