Bug 217878 - irc/irssi: Update to 1.0.2
Summary: irc/irssi: Update to 1.0.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Thomas Zander
URL:
Keywords: needs-qa, patch, security
Depends on:
Blocks:
 
Reported: 2017-03-17 19:04 UTC by David O'Rourke
Modified: 2017-03-22 19:15 UTC (History)
1 user (show)

See Also:


Attachments
Updates port to 1.0.2 (3.09 KB, patch)
2017-03-17 19:04 UTC, David O'Rourke
dor.bsd: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description David O'Rourke 2017-03-17 19:04:37 UTC
Created attachment 180913 [details]
Updates port to 1.0.2

Updating to irc/irssi 1.0.2 is recommended for all users of 1.0.x as it fixes a remote crash (due to use after free) introduced in 1.0.0.

A CVE has not yet been allocated. More can be read at https://irssi.org/security/irssi_sa_2017_03.txt
Comment 1 commit-hook freebsd_committer 2017-03-18 13:30:58 UTC
A commit references this bug:

Author: riggs
Date: Sat Mar 18 13:29:57 UTC 2017
New revision: 436407
URL: https://svnweb.freebsd.org/changeset/ports/436407

Log:
  Update to upstream version 1.0.2

  Details:
  - Fixes a use-after-free during netjoin.
    This usually leads to a segfault.
    Upstream considers targeted code execution
    difficult.

  PR:		217878
  Submitted by:	dor.bsd@xm0.uk (maintainer)
  MFH:		2017Q1
  Security:	CVE-2017-xxxx (not yet assigned)

Changes:
  head/irc/irssi/Makefile
  head/irc/irssi/distinfo
  head/irc/irssi/files/patch-Makefile.in
  head/irc/irssi/files/patch-perl-Makefile
  head/irc/irssi/files/patch-src_core_network-openssl.c
Comment 2 commit-hook freebsd_committer 2017-03-18 13:58:24 UTC
A commit references this bug:

Author: riggs
Date: Sat Mar 18 13:57:41 UTC 2017
New revision: 436409
URL: https://svnweb.freebsd.org/changeset/ports/436409

Log:
  Document use-after-free vulnerability in irc/irssi

  PR:		217878

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Thomas Zander freebsd_committer 2017-03-18 14:02:13 UTC
David, could you ping me once the CVE ID is allocated?
I'd like to update the vuxml entry accordingly.
Thank you in advance!
Comment 4 David O'Rourke 2017-03-18 18:11:11 UTC
Can do. I'll keep an eye out for it.
Comment 5 Thomas Zander freebsd_committer 2017-03-19 09:28:39 UTC
Perfect, thank you!
Comment 6 commit-hook freebsd_committer 2017-03-22 19:15:37 UTC
A commit references this bug:

Author: riggs
Date: Wed Mar 22 19:14:33 UTC 2017
New revision: 436719
URL: https://svnweb.freebsd.org/changeset/ports/436719

Log:
  Add CVE ID for recent irssi vulnerability

  PR:		217878
  Submitted by:	dor.bsd@xm0.uk (irssi mainainer)

Changes:
  head/security/vuxml/vuln.xml