Created attachment 189468 [details] Update irc/irssi port to 1.0.6 Updates irssi to 1.0.6 to correct CVEs CVE-2018-5206, CVE-2018-5205, CVE-2018-5208, CVE-2018-5207. (a) When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer. Found by Joseph Bisch. (CWE-476) CVE-2018-5206 was assigned to this issue. (b) When using incomplete escape codes, Irssi may access data beyond the end of the string. (CWE-126) Found by Joseph Bisch. CVE-2018-5205 was assigned to this issue. (c) A calculation error in the completion code could cause a heap buffer overflow when completing certain strings. (CWE-126) Found by Joseph Bisch. CVE-2018-5208 was assigned to this issue. (d) When using an incomplete variable argument, Irssi may access data beyond the end of the string. (CWE-126) Found by Joseph Bisch. CVE-2018-5207 was assigned to this issue. Upstream information about this is recorded at https://irssi.org/security/irssi_sa_2018_01.txt
A commit references this bug: Author: dbaio Date: Sat Jan 6 20:43:52 UTC 2018 New revision: 458288 URL: https://svnweb.freebsd.org/changeset/ports/458288 Log: security/vuxml: Document multiple vulnerabilities in irc/irssi Security: CVE-2018-5205 Security: CVE-2018-5206 Security: CVE-2018-5207 Security: CVE-2018-5208 PR: 224954 Reported by: tj@mrsk.me (email) Reported by: David O'Rourke <dor.bsd@xm0.uk> Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: dbaio Date: Sat Jan 6 21:18:41 UTC 2018 New revision: 458290 URL: https://svnweb.freebsd.org/changeset/ports/458290 Log: irc/irssi: Update to 1.0.6, Fixes multiple security vulnerabilities While here, update license and www. Changes: https://raw.githubusercontent.com/irssi/irssi/1.0.6/NEWS PR: 224954 Submitted by: David O'Rourke <dor.bsd@xm0.uk> (maintainer) Reported by: tj@mrsk.me (email) MFH: 2018Q1 Security: a3764767-f31e-11e7-95f2-005056925db4 Changes: head/irc/irssi/Makefile head/irc/irssi/distinfo head/irc/irssi/pkg-descr
A commit references this bug: Author: dbaio Date: Sat Jan 6 21:22:13 UTC 2018 New revision: 51368 URL: https://svnweb.freebsd.org/changeset/doc/51368 Log: Add David O'Rourke to contributors Maintainer of irc/irssi PR: 224954 Changes: head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml
A commit references this bug: Author: dbaio Date: Thu Jan 11 12:43:54 UTC 2018 New revision: 458726 URL: https://svnweb.freebsd.org/changeset/ports/458726 Log: MFH: r458290 irc/irssi: Update to 1.0.6, Fixes multiple security vulnerabilities While here, update license and www. Changes: https://raw.githubusercontent.com/irssi/irssi/1.0.6/NEWS PR: 224954 Submitted by: David O'Rourke <dor.bsd@xm0.uk> (maintainer) Reported by: tj@mrsk.me (email) Security: a3764767-f31e-11e7-95f2-005056925db4 Approved by: ports-secteam (swills) Changes: _U branches/2018Q1/ branches/2018Q1/irc/irssi/Makefile branches/2018Q1/irc/irssi/distinfo branches/2018Q1/irc/irssi/pkg-descr
Committed, thanks!