Debian
weechat package

DoS crash when receiving a certain color code

Bug #342790 reported by piti
276
This bug affects 1 person
Affects Status Importance Assigned to Milestone
weechat (Debian)
Fix Released
Unknown
weechat (Ubuntu)
Fix Released
High
Unassigned
Dapper
Won't Fix
Undecided
Unassigned
Hardy
Fix Released
Undecided
Unassigned
Intrepid
Fix Released
Undecided
Unassigned
Jaunty
Fix Released
High
Unassigned

Bug Description

Binary package hint: weechat

weechat suddenly crash when receiving a certain color code, like (Key code removed since not Relavent, and malicious users are using it to crash Weechat)
I attach a patch from the principal develloper of weechat

See original description
Tags: patch intrepid

CVE References

Revision history for this message
piti (piti-pablo) wrote :
Revision history for this message
piti (piti-pablo) wrote :

A new source package is available which corrects this bug: it can be found on the page http://weechat.flashtux.org/download.php

Revision history for this message
David Rubin (drubin) wrote :

This has been patched in the upstream Debian. http://lists.debian.org/debian-security-announce/2009/msg00054.html

Is there a way to sync it downstream again?

Revision history for this message
Andrew Starr-Bochicchio (andrewsomething) wrote :

This can be fixed in Jaunty with a sync from unstable. Subscribing sponsors for that.

 weechat (0.2.6.1-1) unstable; urgency=low

   * New upstream release which includes a fix against a possible remote
     Denial of Service (crash) while receiving messages with special chars
     (Closes: #519940).
   * Refresh patch multiple_ip_servers according to the new upstream release.
   * Update Standards-Version to 3.8.1.

SRUs will have to be prepared for previous releases.

summary: - crash when receiving a certain color code
+ DoS crash when receiving a certain color code
Changed in weechat (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in weechat:
status: Unknown → Fix Released
David Rubin (drubin)
description: updated
Revision history for this message
Adrien Cunin (adri2000) wrote :

Sync request for weechat from Debian unstable to jaunty ACKed. Full changelog:

weechat (0.2.6.1-1) unstable; urgency=low

  * New upstream release which includes a fix against a possible remote
    Denial of Service (crash) while receiving messages with special chars
    (Closes: #519940).
  * Refresh patch multiple_ip_servers according to the new upstream release.
  * Update Standards-Version to 3.8.1.

 -- Emmanuel Bouthenot <email address hidden> Mon, 16 Mar 2009 13:18:29 +0000

weechat (0.2.6-3) unstable; urgency=low

  * Add a patch to make weechat try to connect other server IPs
    when the first one failed. Thanks to Lionel Elie Mamane for
    his patch (Closes: #498610).
  * Rename patch 01_perlembed_init_macros to perlembed_init_macros.
  * Update debian/control:
     - add ${misc:Depends}
     - update descriptions
  * Update debian/copyright about debian packaging.
  * Add Vcs-Browser and Vcs-Git fields in debian/control.
  * Add DM-Upload-Allowed field.

 -- Emmanuel Bouthenot <email address hidden> Sat, 21 Feb 2009 18:34:08 +0000

Revision history for this message
Colin Watson (cjwatson) wrote :

[Updating] weechat (0.2.6-2 [Ubuntu] < 0.2.6.1-1 [Debian])
 * Trying to add weechat...
  - <weechat_0.2.6.1.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
  - <weechat_0.2.6.1-1.dsc: downloading from http://ftp.debian.org/debian/>
  - <weechat_0.2.6.1-1.diff.gz: downloading from http://ftp.debian.org/debian/>
I: weechat [universe] -> weechat_0.2.6-2 [universe].
I: weechat [universe] -> weechat-curses_0.2.6-2 [universe].
I: weechat [universe] -> weechat-common_0.2.6-2 [universe].
I: weechat [universe] -> weechat-plugins_0.2.6-2 [universe].

Changed in weechat:
status: New → Fix Released
Revision history for this message
Colin Watson (cjwatson) wrote :

[Updating] weechat (0.2.6-2 [Ubuntu] < 0.2.6.1-1 [Debian])
 * Trying to add weechat...
  - <weechat_0.2.6.1.orig.tar.gz: cached>
  - <weechat_0.2.6.1-1.dsc: cached>
  - <weechat_0.2.6.1-1.diff.gz: cached>
I: weechat [universe] -> weechat_0.2.6-2 [universe].
I: weechat [universe] -> weechat-curses_0.2.6-2 [universe].
I: weechat [universe] -> weechat-common_0.2.6-2 [universe].
I: weechat [universe] -> weechat-plugins_0.2.6-2 [universe].

Changed in weechat:
status: New → Fix Released
Changed in weechat (Ubuntu Hardy):
status: Fix Released → New
Changed in weechat (Ubuntu Intrepid):
status: Fix Released → New
Revision history for this message
Colin Watson (cjwatson) wrote :

Sorry about the duplicate closing message and the bug status confusion; our syncing bot went a bit nuts. I in fact synced this into Jaunty.

Changed in weechat (Ubuntu Jaunty):
status: Confirmed → Fix Released
Revision history for this message
piti (piti-pablo) wrote :

I attatch diff.gz files with the patch applied

Revision history for this message
Scott Kitterman (kitterman) wrote :

Still need hardy/intrepid debdiffs. Unsubscribing UUS until there is something to review.

Jamie Strandboge (jdstrand)
Changed in weechat (Ubuntu Intrepid):
status: New → Confirmed
Changed in weechat (Ubuntu Hardy):
status: New → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

weechat (0.2.6-1+lenny1build0.8.04.1) hardy-security; urgency=low

  * fake sync from Debian

weechat (0.2.6-1+lenny1) stable-security; urgency=high

  * Fix a bug which allows remote attackers to cause a denial of
    service (crash).

 -- Jamie Strandboge < <email address hidden>> Wed, 07 Oct 2009 07:02:29 -0500

Changed in weechat (Ubuntu Hardy):
status: Fix Committed → Fix Released
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Dapper desktop is EOL, marking task as "Won't fix."

Changed in weechat (Ubuntu Dapper):
status: New → Won't Fix
Artur Rona (ari-tczew)
Changed in weechat (Ubuntu Intrepid):
assignee: nobody → Artur Rona (ari-tczew)
status: Confirmed → New
Artur Rona (ari-tczew)
Changed in weechat (Ubuntu Intrepid):
status: New → In Progress
Artur Rona (ari-tczew)
tags: added: intrepid patch
Changed in weechat (Ubuntu Intrepid):
assignee: Artur Rona (ari-tczew) → nobody
status: In Progress → New
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Intrepid patch: ACK

Artur, thanks for the patch! In the future can you please follow https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging regarding the changelog and DEP-3 in the patches. This makes it much easier to review the origin of the patch. Thanks again!

Changed in weechat (Ubuntu Intrepid):
status: New → Confirmed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Uploaded to security queue.

Changed in weechat (Ubuntu Intrepid):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package weechat - 0.2.6-1ubuntu0.1

---------------
weechat (0.2.6-1ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: Fix denial of service when receiving
    a certain color code. (LP: #342790)
 -- Artur Rona <email address hidden> Fri, 26 Mar 2010 18:57:27 +0100

Changed in weechat (Ubuntu Intrepid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.