2017-04-26 17:52:46 |
Jeremy Bícha |
bug |
|
|
added bug |
2017-04-26 17:53:04 |
Jeremy Bícha |
cve linked |
|
2017-8073 |
|
2017-04-26 17:54:05 |
Jeremy Bícha |
description |
weechat (1.7-3) unstable; urgency=medium
.
* Add a patch to fix CVE-2017-8073 which allows a remote crash by
sending a filename via DCC to the IRC plugin (Closes: #861121)
That version was synced to Ubuntu 17.10 Alpha "artful"
References
----------
https://security-tracker.debian.org/tracker/CVE-2017-8073
https://weechat.org/download/security/ (all other listed security bugs already fixed in 14.04 LTS and newer)
https://github.com/weechat/weechat/commit/2fb346f25f79
Testing Done
------------
None |
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC tot he IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.
Fixed in Debian
---------------
weechat (1.7-3) unstable; urgency=medium
.
* Add a patch to fix CVE-2017-8073 which allows a remote crash by
sending a filename via DCC to the IRC plugin (Closes: #861121)
That version was synced to Ubuntu 17.10 Alpha "artful"
References
----------
https://security-tracker.debian.org/tracker/CVE-2017-8073
https://weechat.org/download/security/ (all other listed security bugs already fixed in 14.04 LTS and newer)
https://github.com/weechat/weechat/commit/2fb346f25f79
Testing Done
------------
None |
|
2017-04-26 17:54:13 |
Jeremy Bícha |
information type |
Public |
Public Security |
|
2017-04-26 18:21:36 |
Jeremy Bícha |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861121 |
|
2017-04-26 18:21:36 |
Jeremy Bícha |
bug task added |
|
weechat (Debian) |
|
2017-04-26 18:21:50 |
Jeremy Bícha |
weechat (Ubuntu): status |
New |
Confirmed |
|
2017-04-26 18:23:02 |
Jeremy Bícha |
attachment added |
|
weechat-2017-8073-trusty.debdiff https://bugs.launchpad.net/debian/+source/weechat/+bug/1686478/+attachment/4868326/+files/weechat-2017-8073-trusty.debdiff |
|
2017-04-26 18:23:19 |
Jeremy Bícha |
attachment added |
|
weechat-2017-8073-xenial.debdiff https://bugs.launchpad.net/debian/+source/weechat/+bug/1686478/+attachment/4868327/+files/weechat-2017-8073-xenial.debdiff |
|
2017-04-26 18:23:33 |
Jeremy Bícha |
attachment added |
|
weechat-2017-8073-yakkety.debdiff https://bugs.launchpad.net/debian/+source/weechat/+bug/1686478/+attachment/4868328/+files/weechat-2017-8073-yakkety.debdiff |
|
2017-04-26 18:23:52 |
Jeremy Bícha |
attachment added |
|
weechat-2017-8073-zesty.debdiff https://bugs.launchpad.net/debian/+source/weechat/+bug/1686478/+attachment/4868329/+files/weechat-2017-8073-zesty.debdiff |
|
2017-04-26 18:24:05 |
Jeremy Bícha |
tags |
trusty xenial yakkety zesty |
patch trusty xenial yakkety zesty |
|
2017-04-26 18:24:28 |
Jeremy Bícha |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2017-04-26 22:08:57 |
Bug Watch Updater |
weechat (Debian): status |
Unknown |
Fix Released |
|
2017-04-28 02:36:05 |
Launchpad Janitor |
weechat (Ubuntu): status |
Confirmed |
Fix Released |
|
2017-04-28 02:36:06 |
Launchpad Janitor |
weechat (Ubuntu): status |
Confirmed |
Fix Released |
|
2017-04-28 02:36:07 |
Launchpad Janitor |
weechat (Ubuntu): status |
Confirmed |
Fix Released |
|