Bug 217878 - irc/irssi: Update to 1.0.2
Summary: irc/irssi: Update to 1.0.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Thomas Zander
URL:
Keywords: needs-qa, patch, security
Depends on:
Blocks:
 
Reported: 2017-03-17 19:04 UTC by David O'Rourke
Modified: 2017-03-22 19:15 UTC

See Also:


Attachments
Updates port to 1.0.2 (3.09 KB, patch)
2017-03-17 19:04 UTC, David O'Rourke
dor.bsd: maintainer-approval+

Description David O'Rourke 2017-03-17 19:04:37 UTC
Created attachment 180913
Updates port to 1.0.2

Updating to irc/irssi 1.0.2 is recommended for all users of 1.0.x as it fixes a remote crash (due to use after free) introduced in 1.0.0.

A CVE has not yet been allocated. More can be read at https://irssi.org/security/irssi_sa_2017_03.txt
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-03-18 13:30:58 UTC
A commit references this bug:

Author: riggs
Date: Sat Mar 18 13:29:57 UTC 2017
New revision: 436407
URL: https://svnweb.freebsd.org/changeset/ports/436407

Log:
  Update to upstream version 1.0.2

  Details:
  - Fixes a use-after-free during netjoin.
    This usually leads to a segfault.
    Upstream considers targeted code execution
    difficult.

  PR:		217878
  Submitted by:	dor.bsd@xm0.uk (maintainer)
  MFH:		2017Q1
  Security:	CVE-2017-xxxx (not yet assigned)

Changes:
  head/irc/irssi/Makefile
  head/irc/irssi/distinfo
  head/irc/irssi/files/patch-Makefile.in
  head/irc/irssi/files/patch-perl-Makefile
  head/irc/irssi/files/patch-src_core_network-openssl.c
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-03-18 13:58:24 UTC
A commit references this bug:

Author: riggs
Date: Sat Mar 18 13:57:41 UTC 2017
New revision: 436409
URL: https://svnweb.freebsd.org/changeset/ports/436409

Log:
  Document use-after-free vulnerability in irc/irssi

  PR:		217878

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Thomas Zander freebsd_committer freebsd_triage 2017-03-18 14:02:13 UTC
David, could you ping me once the CVE ID is allocated?
I'd like to update the vuxml entry accordingly.
Thank you in advance!
Comment 4 David O'Rourke 2017-03-18 18:11:11 UTC
Can do. I'll keep an eye out for it.
Comment 5 Thomas Zander freebsd_committer freebsd_triage 2017-03-19 09:28:39 UTC
Perfect, thank you!
Comment 6 commit-hook freebsd_committer freebsd_triage 2017-03-22 19:15:37 UTC
A commit references this bug:

Author: riggs
Date: Wed Mar 22 19:14:33 UTC 2017
New revision: 436719
URL: https://svnweb.freebsd.org/changeset/ports/436719

Log:
  Add CVE ID for recent irssi vulnerability

  PR:		217878
  Submitted by:	dor.bsd@xm0.uk (irssi maintainer)

Changes:
  head/security/vuxml/vuln.xml