DoS crash when receiving a certain color code
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
weechat (Debian) | Fix Released | Unknown | |
weechat (Ubuntu) | | High | Unassigned |
Dapper | | Undecided | Unassigned |
Hardy | | Undecided | Unassigned |
Intrepid | | Undecided | Unassigned |
Jaunty | | High | Unassigned |
Bug Description
Binary package hint: weechat
weechat suddenly crashes when receiving a certain color code, like (Key code removed since not relevant, and malicious users are using it to crash Weechat)
I attach a patch from the principal developer of weechat
piti (piti-pablo) wrote : | #1 |
piti (piti-pablo) wrote : | #2 |
David Rubin (drubin) wrote : | #3 |
This has been patched in the upstream Debian. http://
Is there a way to sync it downstream again?
This can be fixed in Jaunty with a sync from unstable. Subscribing sponsors for that.
weechat (0.2.6.1-1) unstable; urgency=low
* New upstream release which includes a fix against a possible remote
Denial of Service (crash) while receiving messages with special chars
(Closes: #519940).
* Refresh patch multiple_ip_servers according to the new upstream release.
* Update Standards-Version to 3.8.1.
SRUs will have to be prepared for previous releases.
summary: |
- crash when receiving a certain color code
+ DoS crash when receiving a certain color code
Changed in weechat (Ubuntu): | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in weechat: | |
status: | Unknown → Fix Released |
description: | updated |
Adrien Cunin (adri2000) wrote : | #5 |
Sync request for weechat from Debian unstable to jaunty ACKed. Full changelog:
weechat (0.2.6.1-1) unstable; urgency=low
* New upstream release which includes a fix against a possible remote
Denial of Service (crash) while receiving messages with special chars
(Closes: #519940).
* Refresh patch multiple_ip_servers according to the new upstream release.
* Update Standards-Version to 3.8.1.
-- Emmanuel Bouthenot <email address hidden> Mon, 16 Mar 2009 13:18:29 +0000
weechat (0.2.6-3) unstable; urgency=low
* Add a patch to make weechat try to connect other server IPs
when the first one failed. Thanks to Lionel Elie Mamane for
his patch (Closes: #498610).
* Rename patch 01_perlembed_
* Update debian/control:
- add ${misc:Depends}
- update descriptions
* Update debian/copyright about debian packaging.
* Add Vcs-Browser and Vcs-Git fields in debian/control.
* Add DM-Upload-Allowed field.
-- Emmanuel Bouthenot <email address hidden> Sat, 21 Feb 2009 18:34:08 +0000
Colin Watson (cjwatson) wrote : | #6 |
[Updating] weechat (0.2.6-2 [Ubuntu] < 0.2.6.1-1 [Debian])
* Trying to add weechat...
- <weechat_
- <weechat_
- <weechat_
I: weechat [universe] -> weechat_0.2.6-2 [universe].
I: weechat [universe] -> weechat-
I: weechat [universe] -> weechat-
I: weechat [universe] -> weechat-
Changed in weechat: | |
status: | New → Fix Released |
Colin Watson (cjwatson) wrote : | #8 |
[Updating] weechat (0.2.6-2 [Ubuntu] < 0.2.6.1-1 [Debian])
* Trying to add weechat...
- <weechat_
- <weechat_
- <weechat_
I: weechat [universe] -> weechat_0.2.6-2 [universe].
I: weechat [universe] -> weechat-
I: weechat [universe] -> weechat-
I: weechat [universe] -> weechat-
Changed in weechat: | |
status: | New → Fix Released |
Changed in weechat (Ubuntu Hardy): | |
status: | Fix Released → New |
Changed in weechat (Ubuntu Intrepid): | |
status: | Fix Released → New |
Colin Watson (cjwatson) wrote : | #9 |
Sorry about the duplicate closing message and the bug status confusion; our syncing bot went a bit nuts. I in fact synced this into Jaunty.
Changed in weechat (Ubuntu Jaunty): | |
status: | Confirmed → Fix Released |
piti (piti-pablo) wrote : | #10 |
I attach diff.gz files with the patch applied
Scott Kitterman (kitterman) wrote : | #14 |
Still need hardy/intrepid debdiffs. Unsubscribing UUS until there is something to review.
Changed in weechat (Ubuntu Intrepid): | |
status: | New → Confirmed |
Changed in weechat (Ubuntu Hardy): | |
status: | New → Fix Committed |
Jamie Strandboge (jdstrand) wrote : | #15 |
weechat (0.2.6-
* fake sync from Debian
weechat (0.2.6-1+lenny1) stable-security; urgency=high
* Fix a bug which allows remote attackers to cause a denial of
service (crash).
-- Jamie Strandboge < <email address hidden>> Wed, 07 Oct 2009 07:02:29 -0500
Changed in weechat (Ubuntu Hardy): | |
status: | Fix Committed → Fix Released |
Marc Deslauriers (mdeslaur) wrote : | #16 |
Dapper desktop is EOL, marking task as "Won't fix."
Changed in weechat (Ubuntu Dapper): | |
status: | New → Won't Fix |
Changed in weechat (Ubuntu Intrepid): | |
assignee: | nobody → Artur Rona (ari-tczew) |
status: | Confirmed → New |
Changed in weechat (Ubuntu Intrepid): | |
status: | New → In Progress |
tags: | added: intrepid patch |
Changed in weechat (Ubuntu Intrepid): | |
assignee: | Artur Rona (ari-tczew) → nobody |
status: | In Progress → New |
Jamie Strandboge (jdstrand) wrote : | #18 |
Intrepid patch: ACK
Artur, thanks for the patch! In the future can you please follow https:/
Changed in weechat (Ubuntu Intrepid): | |
status: | New → Confirmed |
Jamie Strandboge (jdstrand) wrote : | #19 |
Uploaded to security queue.
Changed in weechat (Ubuntu Intrepid): | |
status: | Confirmed → Fix Committed |
Launchpad Janitor (janitor) wrote : | #20 |
This bug was fixed in the package weechat - 0.2.6-1ubuntu0.1
---------------
weechat (0.2.6-1ubuntu0.1) intrepid-security; urgency=low
* SECURITY UPDATE: Fix denial of service when receiving
a certain color code. (LP: #342790)
-- Artur Rona <email address hidden> Fri, 26 Mar 2010 18:57:27 +0100
Changed in weechat (Ubuntu Intrepid): | |
status: | Fix Committed → Fix Released |
A new source package is available which corrects this bug: it can be found on the page http://weechat.flashtux.org/download.php