[Secure-testing-team] Bug#867598: irssi: CVE-2017-10965 CVE-2017-10966
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 7 17:12:32 UTC 2017
Source: irssi
Version: 0.8.17-1
Severity: important
Tags: upstream patch security fixed-upstream
Hi,
the following vulnerabilities were published for irssi.
CVE-2017-10965[0]:
| An issue was discovered in Irssi before 1.0.4. When receiving messages
| with invalid time stamps, Irssi would try to dereference a NULL
| pointer.
CVE-2017-10966[1]:
| An issue was discovered in Irssi before 1.0.4. While updating the
| internal nick list, Irssi could incorrectly use the GHashTable
| interface and free the nick while updating it. This would then result
| in use-after-free conditions on each access of the hash table.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-10965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965
[1] https://security-tracker.debian.org/tracker/CVE-2017-10966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966
[2] https://irssi.org/security/irssi_sa_2017_07.txt
[3] https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
Regards,
Salvatore
More information about the Secure-testing-team
mailing list