173513 – irc/weechat is vunerable to a crash when receive special colored messages.

Bug 173513 - irc/weechat is vunerable to a crash when receive special colored messages.

Summary: irc/weechat is vunerable to a crash when receive special colored messages.

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-11-10 00:00 UTC by Andy Pilate
Modified:	2012-11-13 21:09 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andy Pilate 2012-11-10 00:00:00 UTC

	We detected that weechat is vulnerable to a crash when sending a special coloured message. This vulnerability hits versions old from one year ago to now.
    The patch was pushed, but we need to update ports as soon as possible. I sended a mail to the port maintener, but without fast answer, I'm trying here.
    https://savannah.nongnu.org/bugs/?37704 http://git.savannah.gnu.org/cgit/weechat.git/commit/?id=9453e81baa7935db82a0b765a47cba772aba730d

Fix: 

Just update your clients! (or run /set irc.network.colors_receive off)
How-To-Repeat:     The Proof Of Concept is private. It's to avoid scripts kiddies to send a forged message on popular irc channels.

Comment 1 Eitan Adler freebsd_committer

2012-11-10 00:25:19 UTC

FYI. I won't have time to look into during this weekend, but someone
here should.

-- 
Eitan Adler

Comment 2 Mark Linimon freebsd_committer

2012-11-13 21:08:29 UTC

State Changed
From-To: open->closed

Superseded by ports/173514.