Bug 173513
| Summary: | irc/weechat is vunerable to a crash when receive special colored messages. | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Andy Pilate <cubox> |
| Component: | Individual Port(s) | Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
FYI. I won't have time to look into during this weekend, but someone here should. -- Eitan Adler State Changed From-To: open->closed Superseded by ports/173514. |
We detected that weechat is vulnerable to a crash when sending a special coloured message. This vulnerability hits versions old from one year ago to now. The patch was pushed, but we need to update ports as soon as possible. I sended a mail to the port maintener, but without fast answer, I'm trying here. https://savannah.nongnu.org/bugs/?37704 http://git.savannah.gnu.org/cgit/weechat.git/commit/?id=9453e81baa7935db82a0b765a47cba772aba730d Fix: Just update your clients! (or run /set irc.network.colors_receive off) How-To-Repeat: The Proof Of Concept is private. It's to avoid scripts kiddies to send a forged message on popular irc channels.