Bug 217878
| Summary: | irc/irssi: Update to 1.0.2 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | David O'Rourke <dor.bsd> | ||||
| Component: | Individual Port(s) | Assignee: | Thomas Zander <riggs> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Many People | CC: | riggs | ||||
| Priority: | --- | Keywords: | needs-qa, patch, security | ||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
|
Description
David O'Rourke
2017-03-17 19:04:37 UTC
A commit references this bug: Author: riggs Date: Sat Mar 18 13:29:57 UTC 2017 New revision: 436407 URL: https://svnweb.freebsd.org/changeset/ports/436407 Log: Update to upstream version 1.0.2 Details: - Fixes a use-after-free during netjoin. This usually leads to a segfault. Upstream considers targeted code execution difficult. PR: 217878 Submitted by: dor.bsd@xm0.uk (maintainer) MFH: 2017Q1 Security: CVE-2017-xxxx (not yet assigned) Changes: head/irc/irssi/Makefile head/irc/irssi/distinfo head/irc/irssi/files/patch-Makefile.in head/irc/irssi/files/patch-perl-Makefile head/irc/irssi/files/patch-src_core_network-openssl.c A commit references this bug: Author: riggs Date: Sat Mar 18 13:57:41 UTC 2017 New revision: 436409 URL: https://svnweb.freebsd.org/changeset/ports/436409 Log: Document use-after-free vulnerability in irc/irssi PR: 217878 Changes: head/security/vuxml/vuln.xml David, could you ping me once the CVE ID is allocated? I'd like to update the vuxml entry accordingly. Thank you in advance! Can do. I'll keep an eye out for it. Perfect, thank you! A commit references this bug: Author: riggs Date: Wed Mar 22 19:14:33 UTC 2017 New revision: 436719 URL: https://svnweb.freebsd.org/changeset/ports/436719 Log: Add CVE ID for recent irssi vulnerability PR: 217878 Submitted by: dor.bsd@xm0.uk (irssi mainainer) Changes: head/security/vuxml/vuln.xml |
