Bug 223169 - irc/irssi: Update to 1.0.5, Fixes multiple security vulnerabilities
Summary: irc/irssi: Update to 1.0.5, Fixes multiple security vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Danilo G. Baio
URL: https://irssi.org/security/irssi_sa_2...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-22 15:11 UTC by David O'Rourke
Modified: 2017-10-23 14:54 UTC (History)
1 user (show)

See Also:
dbaio: merge-quarterly+

Attachments
Update to irssi 1.0.5 (816 bytes, patch)
2017-10-22 15:11 UTC, David O'Rourke 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David O'Rourke 2017-10-22 15:11:53 UTC 
Created attachment 187370 [details]
Update to irssi 1.0.5

This fixes CVEs:
      - CVE-2017-15228
      - CVE-2017-15227
      - CVE-2017-15721
      - CVE-2017-15723
      - CVE-2017-15722
    
    (a) When installing themes with unterminated colour formatting
        sequences, Irssi may access data beyond the end of the
        string. (CWE-126) Found by Hanno Böck.
    
        CVE-2017-15228 was assigned to this issue.
    
    (b) While waiting for the channel synchronisation, Irssi may
        incorrectly fail to remove destroyed channels from the query list,
        resulting in use after free conditions when updating the state
        later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672)
    
        CVE-2017-15227 was assigned to this issue.
    
    (c) Certain incorrectly formatted DCC CTCP messages could cause NULL
        pointer dereference. Found by Joseph Bisch. This is a separate,
        but similar issue to CVE-2017-9468. (CWE-690)
    
        CVE-2017-15721 was assigned to this issue.
    
    (d) Overlong nicks or targets may result in a NULL pointer dereference
        while splitting the message. Found by Joseph Bisch. (CWE-690)
    
        CVE-2017-15723 was assigned to this issue.
    
    (e) In certain cases Irssi may fail to verify that a Safe channel ID
        is long enough, causing reads beyond the end of the string. Found
        by Joseph Bisch. (CWE-126)
    
        CVE-2017-15722 was assigned to this issue.
    
    More information can be found in the upstream security advisory at
    https://irssi.org/security/irssi_sa_2017_10.txt
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-10-22 17:47:36 UTC 
A commit references this bug:

Author: dbaio
Date: Sun Oct 22 17:46:40 UTC 2017
New revision: 452673
URL: https://svnweb.freebsd.org/changeset/ports/452673

Log:
  security/vuxml: Document multiple vulnerabilities in irc/irssi

  Security:	CVE-2017-15721
  Security:	CVE-2017-15722
  Security:	CVE-2017-15723
  Security:	CVE-2017-15727
  Security:	CVE-2017-15228

  PR:		223169
  Reported by:	David O'Rourke <dor.bsd@xm0.uk>

Changes:
  head/security/vuxml/vuln.xml
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-10-22 17:53:44 UTC 
A commit references this bug:

Author: dbaio
Date: Sun Oct 22 17:53:20 UTC 2017
New revision: 452675
URL: https://svnweb.freebsd.org/changeset/ports/452675

Log:
  irc/irssi: Update to 1.0.5, Fixes multiple security vulnerabilities

  https://irssi.org/security/irssi_sa_2017_10.txt

  PR:		223169
  Submitted by:	David O'Rourke <dor.bsd@xm0.uk> (maintainer)
  MFH:		2017Q4
  Security:	85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1

Changes:
  head/irc/irssi/Makefile
  head/irc/irssi/distinfo
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-10-23 14:51:11 UTC 
A commit references this bug:

Author: dbaio
Date: Mon Oct 23 14:50:51 UTC 2017
New revision: 452713
URL: https://svnweb.freebsd.org/changeset/ports/452713

Log:
  MFH: r452675

  irc/irssi: Update to 1.0.5, Fixes multiple security vulnerabilities

  https://irssi.org/security/irssi_sa_2017_10.txt

  PR:		223169
  Submitted by:	David O'Rourke <dor.bsd@xm0.uk> (maintainer)
  Security:	85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1

  Approved by:	ports-secteam (swills)

Changes:
_U  branches/2017Q4/
  branches/2017Q4/irc/irssi/Makefile
  branches/2017Q4/irc/irssi/distinfo
Comment 4 Danilo G. Baio freebsd_committer freebsd_triage 2017-10-23 14:54:59 UTC 
Committed, thanks!