irssi WALLOPS heap off-by-one

Related Vulnerabilities: CVE-2009-1959  

Debian Bug report logs - #531357
irssi WALLOPS heap off-by-one


Package: irssi; Maintainer for irssi is Rhonda D'Vine <rhonda@debian.org>; Source for irssi is src:irssi.

Reported by: Craig <craig@haquarter.de>

Date: Sun, 31 May 2009 21:42:02 UTC

Severity: important

Tags: security

Merged with 532607

Found in versions 1.3-18, irssi/0.8.10-2

Fixed in versions 0.8.13-2, 0.8.12-7, 0.8.10-3

Done: Gerfried Fuchs <rhonda@debian.at>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, David Pashley <david@davidpashley.com>:
Bug#531357; Package irssi. (Sun, 31 May 2009 21:42:08 GMT).


Acknowledgement sent to Craig <craig@haquarter.de>:
New Bug report received and forwarded. Copy sent to David Pashley <david@davidpashley.com>. (Sun, 31 May 2009 21:42:29 GMT).


Message #5 received at submit@bugs.debian.org:

From: Craig <craig@haquarter.de>
To: submit@bugs.debian.org
Subject: irssi WALLOPS heap off-by-one
Date: Sun, 31 May 2009 23:38:41 +0200
Package: irssi
Version: 1.3-18
Severity: grave

A remotely exploitable off-by-one was found in irssi 0.8.13. It's
exploitable from a server only.
See http://bugs.irssi.org/index.php?do=details&task_id=662 and
http://xorl.wordpress.com/2009/05/28/irssi-event_wallops-off-by-one-readwrite/

Best regards,

Craig




Tags added: pending. Request was from Gerfried Fuchs <rhonda@debian.at> to control@bugs.debian.org. (Tue, 02 Jun 2009 09:30:17 GMT).


Forcibly Merged 531357 532607. Request was from Gerfried Fuchs <rhonda@debian.at> to control@bugs.debian.org. (Mon, 15 Jun 2009 08:42:03 GMT).


Reply sent to Gerfried Fuchs <rhonda@debian.at>:
You have taken responsibility. (Fri, 19 Jun 2009 10:15:16 GMT).


Notification sent to Craig <craig@haquarter.de>:
Bug acknowledged by developer. (Fri, 19 Jun 2009 10:15:17 GMT).


Message #14 received at 531357-close@bugs.debian.org:

From: Gerfried Fuchs <rhonda@debian.at>
To: 531357-close@bugs.debian.org
Subject: Bug#531357: fixed in irssi 0.8.13-2
Date: Fri, 19 Jun 2009 09:47:11 +0000
Source: irssi
Source-Version: 0.8.13-2

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive:

irssi-dev_0.8.13-2_powerpc.deb
  to pool/main/i/irssi/irssi-dev_0.8.13-2_powerpc.deb
irssi_0.8.13-2.diff.gz
  to pool/main/i/irssi/irssi_0.8.13-2.diff.gz
irssi_0.8.13-2.dsc
  to pool/main/i/irssi/irssi_0.8.13-2.dsc
irssi_0.8.13-2_powerpc.deb
  to pool/main/i/irssi/irssi_0.8.13-2_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 531357@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gerfried Fuchs <rhonda@debian.at> (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 16 Jun 2009 11:03:06 +0200
Source: irssi
Binary: irssi irssi-dev
Architecture: source powerpc
Version: 0.8.13-2
Distribution: unstable
Urgency: medium
Maintainer: David Pashley <david@davidpashley.com>
Changed-By: Gerfried Fuchs <rhonda@debian.at>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 531357
Changes:
 irssi (0.8.13-2) unstable; urgency=medium
 .
   * New patch:
     - wallops-fix: Fix CVE-2009-1959 off-by-one in event_wallops
       (closes: #531357)





Reply sent to Gerfried Fuchs <rhonda@debian.at>:
You have taken responsibility. (Fri, 19 Jun 2009 10:15:18 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 19 Jun 2009 10:15:18 GMT).


Reply sent to Gerfried Fuchs <rhonda@debian.at>:
You have taken responsibility. (Thu, 02 Jul 2009 02:21:06 GMT).


Notification sent to Craig <craig@haquarter.de>:
Bug acknowledged by developer. (Thu, 02 Jul 2009 02:21:06 GMT).


Message #24 received at 531357-close@bugs.debian.org:

From: Gerfried Fuchs <rhonda@debian.at>
To: 531357-close@bugs.debian.org
Subject: Bug#531357: fixed in irssi 0.8.12-7
Date: Thu, 02 Jul 2009 01:54:31 +0000
Source: irssi
Source-Version: 0.8.12-7

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive:

irssi-dev_0.8.12-7_powerpc.deb
  to pool/main/i/irssi/irssi-dev_0.8.12-7_powerpc.deb
irssi_0.8.12-7.diff.gz
  to pool/main/i/irssi/irssi_0.8.12-7.diff.gz
irssi_0.8.12-7.dsc
  to pool/main/i/irssi/irssi_0.8.12-7.dsc
irssi_0.8.12-7_powerpc.deb
  to pool/main/i/irssi/irssi_0.8.12-7_powerpc.deb





Format: 1.8
Date: Fri, 19 Jun 2009 10:35:10 +0200
Source: irssi
Binary: irssi irssi-dev
Architecture: source powerpc
Version: 0.8.12-7
Distribution: stable
Urgency: medium
Maintainer: David Pashley <david@davidpashley.com>
Changed-By: Gerfried Fuchs <rhonda@debian.at>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - text-mode version of the irssi IRC client development files
Closes: 531357
Changes:
 irssi (0.8.12-7) stable; urgency=medium
 .
   * Fetch patch wallops-fix to fix CVE-2009-1959 off-by-one in event_wallops
     (closes: #531357)





Reply sent to Gerfried Fuchs <rhonda@debian.at>:
You have taken responsibility. (Thu, 02 Jul 2009 02:21:07 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Thu, 02 Jul 2009 02:21:07 GMT).


Reply sent to Gerfried Fuchs <rhonda@debian.at>:
You have taken responsibility. (Fri, 03 Jul 2009 20:36:23 GMT).


Notification sent to Craig <craig@haquarter.de>:
Bug acknowledged by developer. (Fri, 03 Jul 2009 20:36:23 GMT).


Message #34 received at 531357-close@bugs.debian.org:

From: Gerfried Fuchs <rhonda@debian.at>
To: 531357-close@bugs.debian.org
Subject: Bug#531357: fixed in irssi 0.8.10-3
Date: Fri, 03 Jul 2009 19:54:16 +0000
Source: irssi
Source-Version: 0.8.10-3

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive:

irssi-dev_0.8.10-3_powerpc.deb
  to pool/main/i/irssi/irssi-dev_0.8.10-3_powerpc.deb
irssi-text_0.8.10-3_powerpc.deb
  to pool/main/i/irssi/irssi-text_0.8.10-3_powerpc.deb
irssi_0.8.10-3.diff.gz
  to pool/main/i/irssi/irssi_0.8.10-3.diff.gz
irssi_0.8.10-3.dsc
  to pool/main/i/irssi/irssi_0.8.10-3.dsc
irssi_0.8.10-3_powerpc.deb
  to pool/main/i/irssi/irssi_0.8.10-3_powerpc.deb





Format: 1.7
Date: Fri, 19 Jun 2009 12:08:54 +0200
Source: irssi
Binary: irssi-dev irssi-text irssi
Architecture: source powerpc
Version: 0.8.10-3
Distribution: oldstable
Urgency: low
Maintainer: David Pashley <david@davidpashley.com>
Changed-By: Gerfried Fuchs <rhonda@debian.at>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - text-mode version of the irssi IRC client development files
 irssi-text - irssi dummy transition package
Closes: 531357
Changes:
 irssi (0.8.10-3) oldstable; urgency=low
 .
   * Fetch patch wallops-fix to fix CVE-2009-1959 off-by-one in event_wallops
     (closes: #531357)





Reply sent to Gerfried Fuchs <rhonda@debian.at>:
You have taken responsibility. (Fri, 03 Jul 2009 20:36:24 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 03 Jul 2009 20:36:24 GMT).


Bug marked as found in version 0.8.10-2. Request was from Gerfried Fuchs <rhonda@debian.at> to control@bugs.debian.org. (Mon, 06 Jul 2009 09:57:07 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 04 Aug 2009 07:27:00 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:21:16 2019; Machine Name: buxtehude
