Please merge the latest bug release, 1.0.7-1, from Debian
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
irssi (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
While the version in Bionic contains the CVE fixes, it would be nice to ship the latest bugfix release in the 1.0.x series.
dget https:/
Source: irssi
Version: 1.0.7-1ubuntu1
Distribution: devel
Urgency: high
Maintainer: Unit 193 <email address hidden>
Timestamp: 1520636093
Date: Fri, 09 Mar 2018 17:54:53 -0500
Closes: 886475 890674 890675 890676 890677 890678
Changes:
irssi (1.0.7-1ubuntu1) devel; urgency=medium
.
* Merge from Debian. Remaining changes:
- Refresh and re-enabled 20fix_ssl_
- When we have a proxy setting, we expect the CN to match
the proxy hostname, not the server hostname.
- d/p/90irc-
+ Add the Ubuntu network with irc.ubuntu.com as the server,
which is currently a CNAME for chat.freenode.net.
- d/p/03firsttime
+ Adapt 03firsttimer_text so it tells you about
connecting to Ubuntu and joining #ubuntu.
* Changes no longer needed:
- d/p/CVE-
.
irssi (1.0.7-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #886475):
From 1.0.6:
- Fix invalid memory access when reading hilight configuration
(#787, #788).
- Fix null pointer dereference when the channel topic is set
without specifying a sender [CVE-2018-5206]
- Fix return of random memory when using incomplete escape
codes [CVE-2018-5205]
- Fix heap buffer overflow when completing certain strings
- Fix return of random memory when using an incomplete
variable argument [CVE-2018-5207]
.
From 1.0.7:
- Prevent use after free error during the execution of some
commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
- Revert netsplit print optimisation due to crashes
- Fix use after free when SASL messages are received in
unexpected order [CVE-2018-7053] (closes: #890675)
- Fix null pointer dereference in the tab completion when an
empty nick is joined [CVE-2018-7050] (closes: #890678)
- Fix use after free when entering oper password
- Fix null pointer dereference when too many windows are
opened [CVE-2018-7052] (closes: #890676)
- Fix out of bounds access in theme strings when the last
escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
(closes: #890677)
- Fix out of bounds write when using negative counts on window
resize
- Minor help correction. By William Jackson
.
* Fix watch URL.
* Bump to debhelper compat 11, remove autotools-dev Build-Depends.
* Bump Standards-Version to 4.1.3.
* Add lintian overrides for the spelling of "hilight" in the changelog
mentioning the lintian overrides for the spelling of "hilight" in irssi
itself.
tags: added: needs-debian-merge upgrade-software-version
sponsored after changing "devel" to "cosmic" and adding this bug as reference in changelog