DoS crash when receiving a certain color code

Bug #342790 reported by piti on 2009-03-14
276
This bug affects 1 person
Affects Status Importance Assigned to Milestone
weechat (Debian)
Fix Released
Unknown
weechat (Ubuntu)
High
Unassigned
Dapper
Undecided
Unassigned
Hardy
Undecided
Unassigned
Intrepid
Undecided
Unassigned
Jaunty
High
Unassigned

Bug Description

Binary package hint: weechat

weechat suddenly crash when receiving a certain color code, like (Key code removed since not Relavent, and malicious users are using it to crash Weechat)
I attach a patch from the principal develloper of weechat

CVE References

piti (piti-pablo) wrote :
piti (piti-pablo) wrote :

A new source package is available which corrects this bug: it can be found on the page http://weechat.flashtux.org/download.php

David Rubin (drubin) wrote :

This has been patched in the upstream Debian. http://lists.debian.org/debian-security-announce/2009/msg00054.html

Is there a way to sync it downstream again?

This can be fixed in Jaunty with a sync from unstable. Subscribing sponsors for that.

 weechat (0.2.6.1-1) unstable; urgency=low

   * New upstream release which includes a fix against a possible remote
     Denial of Service (crash) while receiving messages with special chars
     (Closes: #519940).
   * Refresh patch multiple_ip_servers according to the new upstream release.
   * Update Standards-Version to 3.8.1.

SRUs will have to be prepared for previous releases.

summary: - crash when receiving a certain color code
+ DoS crash when receiving a certain color code
Changed in weechat (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Changed in weechat:
status: Unknown → Fix Released
David Rubin (drubin) on 2009-03-20
description: updated
Adrien Cunin (adri2000) wrote :

Sync request for weechat from Debian unstable to jaunty ACKed. Full changelog:

weechat (0.2.6.1-1) unstable; urgency=low

  * New upstream release which includes a fix against a possible remote
    Denial of Service (crash) while receiving messages with special chars
    (Closes: #519940).
  * Refresh patch multiple_ip_servers according to the new upstream release.
  * Update Standards-Version to 3.8.1.

 -- Emmanuel Bouthenot <email address hidden> Mon, 16 Mar 2009 13:18:29 +0000

weechat (0.2.6-3) unstable; urgency=low

  * Add a patch to make weechat try to connect other server IPs
    when the first one failed. Thanks to Lionel Elie Mamane for
    his patch (Closes: #498610).
  * Rename patch 01_perlembed_init_macros to perlembed_init_macros.
  * Update debian/control:
     - add ${misc:Depends}
     - update descriptions
  * Update debian/copyright about debian packaging.
  * Add Vcs-Browser and Vcs-Git fields in debian/control.
  * Add DM-Upload-Allowed field.

 -- Emmanuel Bouthenot <email address hidden> Sat, 21 Feb 2009 18:34:08 +0000

Colin Watson (cjwatson) wrote :

[Updating] weechat (0.2.6-2 [Ubuntu] < 0.2.6.1-1 [Debian])
 * Trying to add weechat...
  - <weechat_0.2.6.1.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
  - <weechat_0.2.6.1-1.dsc: downloading from http://ftp.debian.org/debian/>
  - <weechat_0.2.6.1-1.diff.gz: downloading from http://ftp.debian.org/debian/>
I: weechat [universe] -> weechat_0.2.6-2 [universe].
I: weechat [universe] -> weechat-curses_0.2.6-2 [universe].
I: weechat [universe] -> weechat-common_0.2.6-2 [universe].
I: weechat [universe] -> weechat-plugins_0.2.6-2 [universe].

Changed in weechat:
status: New → Fix Released
Colin Watson (cjwatson) wrote :

[Updating] weechat (0.2.6-2 [Ubuntu] < 0.2.6.1-1 [Debian])
 * Trying to add weechat...
  - <weechat_0.2.6.1.orig.tar.gz: cached>
  - <weechat_0.2.6.1-1.dsc: cached>
  - <weechat_0.2.6.1-1.diff.gz: cached>
I: weechat [universe] -> weechat_0.2.6-2 [universe].
I: weechat [universe] -> weechat-curses_0.2.6-2 [universe].
I: weechat [universe] -> weechat-common_0.2.6-2 [universe].
I: weechat [universe] -> weechat-plugins_0.2.6-2 [universe].

Changed in weechat:
status: New → Fix Released
Changed in weechat (Ubuntu Hardy):
status: Fix Released → New
Changed in weechat (Ubuntu Intrepid):
status: Fix Released → New
Colin Watson (cjwatson) wrote :

Sorry about the duplicate closing message and the bug status confusion; our syncing bot went a bit nuts. I in fact synced this into Jaunty.

Changed in weechat (Ubuntu Jaunty):
status: Confirmed → Fix Released
piti (piti-pablo) wrote :

I attatch diff.gz files with the patch applied

Scott Kitterman (kitterman) wrote :

Still need hardy/intrepid debdiffs. Unsubscribing UUS until there is something to review.

Changed in weechat (Ubuntu Intrepid):
status: New → Confirmed
Changed in weechat (Ubuntu Hardy):
status: New → Fix Committed
Jamie Strandboge (jdstrand) wrote :

weechat (0.2.6-1+lenny1build0.8.04.1) hardy-security; urgency=low

  * fake sync from Debian

weechat (0.2.6-1+lenny1) stable-security; urgency=high

  * Fix a bug which allows remote attackers to cause a denial of
    service (crash).

 -- Jamie Strandboge < <email address hidden>> Wed, 07 Oct 2009 07:02:29 -0500

Changed in weechat (Ubuntu Hardy):
status: Fix Committed → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Dapper desktop is EOL, marking task as "Won't fix."

Changed in weechat (Ubuntu Dapper):
status: New → Won't Fix
Artur Rona (ari-tczew) on 2010-03-20
Changed in weechat (Ubuntu Intrepid):
assignee: nobody → Artur Rona (ari-tczew)
status: Confirmed → New
Artur Rona (ari-tczew) on 2010-03-24
Changed in weechat (Ubuntu Intrepid):
status: New → In Progress
Artur Rona (ari-tczew) on 2010-03-26
tags: added: intrepid patch
Changed in weechat (Ubuntu Intrepid):
assignee: Artur Rona (ari-tczew) → nobody
status: In Progress → New
Jamie Strandboge (jdstrand) wrote :

Intrepid patch: ACK

Artur, thanks for the patch! In the future can you please follow https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging regarding the changelog and DEP-3 in the patches. This makes it much easier to review the origin of the patch. Thanks again!

Changed in weechat (Ubuntu Intrepid):
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

Uploaded to security queue.

Changed in weechat (Ubuntu Intrepid):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package weechat - 0.2.6-1ubuntu0.1

---------------
weechat (0.2.6-1ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: Fix denial of service when receiving
    a certain color code. (LP: #342790)
 -- Artur Rona <email address hidden> Fri, 26 Mar 2010 18:57:27 +0100

Changed in weechat (Ubuntu Intrepid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.