Debian Bug report logs -
#861121
weechat: CVE-2017-8073
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 24 Apr 2017 19:39:01 UTC
Severity: grave
Tags: fixed-upstream, patch, security, upstream
Found in version weechat/1.0.1-1
Fixed in versions weechat/1.7-3, weechat/1.0.1-1+deb8u1, weechat/1.6-1+deb9u1
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Emmanuel Bouthenot <kolter@debian.org>:
Bug#861121; Package src:weechat.
(Mon, 24 Apr 2017 19:39:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Emmanuel Bouthenot <kolter@debian.org>.
(Mon, 24 Apr 2017 19:39:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: weechat
Version: 1.0.1-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for weechat.
CVE-2017-8073[0]:
| WeeChat before 1.7.1 allows a remote crash by sending a filename via
| DCC to the IRC plugin. This occurs in the
| irc_ctcp_dcc_filename_without_quotes function during quote removal,
| with a buffer overflow.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073
[1] https://weechat.org/news/95/20170422-Version-1.7.1/
[2] https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
Regards,
Salvatore
Severity set to 'grave' from 'important'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 25 Apr 2017 05:06:04 GMT) (full text, mbox, link).
Reply sent
to Emmanuel Bouthenot <kolter@debian.org>:
You have taken responsibility.
(Tue, 25 Apr 2017 09:39:03 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Tue, 25 Apr 2017 09:39:03 GMT) (full text, mbox, link).
Message #12 received at 861121-close@bugs.debian.org (full text, mbox, reply):
Source: weechat
Source-Version: 1.7-3
We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861121@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bouthenot <kolter@debian.org> (supplier of updated weechat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 25 Apr 2017 10:46:10 +0200
Source: weechat
Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc weechat-dev weechat-dbg
Architecture: source amd64 all
Version: 1.7-3
Distribution: unstable
Urgency: medium
Maintainer: Emmanuel Bouthenot <kolter@debian.org>
Changed-By: Emmanuel Bouthenot <kolter@debian.org>
Description:
weechat - Fast, light and extensible chat client
weechat-core - Fast, light and extensible chat client - core files
weechat-curses - Fast, light and extensible chat client - console client
weechat-dbg - Fast, light and extensible chat client - debugging symbols
weechat-dev - Fast, light and extensible chat client - development headers
weechat-doc - Fast, light and extensible chat client - documentation
weechat-plugins - Fast, light and extensible chat client - plugins
Closes: 861121
Changes:
weechat (1.7-3) unstable; urgency=medium
.
* Add a patch to fix CVE-2017-8073 which allows a remote crash by
sending a filename via DCC to the IRC plugin (Closes: #861121)
Checksums-Sha1:
bf4297e7eae3077bcc51f29ab96b8c7f7fa3b27d 2484 weechat_1.7-3.dsc
76c0b79d8f06f25521e9c019f88036f10d60c00c 16012 weechat_1.7-3.debian.tar.xz
2298680a9b08d0e09294211684d0147d0bd0fa34 697740 weechat-core_1.7-3_amd64.deb
0a3c213166055f303609fcd1cb54e8fe3bd63b20 403468 weechat-curses_1.7-3_amd64.deb
6d3cf52a442e9ef6b166da21e55a15f25d18b34c 3751000 weechat-dbg_1.7-3_amd64.deb
846317f448b519ecd4b68312d16f2096d0802a5e 68126 weechat-dev_1.7-3_all.deb
cb61cdc69bf4dcf2c9eb4956163ec677510ffa13 838638 weechat-doc_1.7-3_all.deb
fa7b936fa503620a5a34c2db3322890d166c59b0 493944 weechat-plugins_1.7-3_amd64.deb
4a4e578683025d46dbd54b797bb87dd1a3965cab 55724 weechat_1.7-3_all.deb
b994246b700414b9410d27fcfb890ad7882d31f5 11193 weechat_1.7-3_amd64.buildinfo
Checksums-Sha256:
c9053577804d2d767fb1ea6ac013dd3055617c6b6cc0ec436853c71cc8f2fc07 2484 weechat_1.7-3.dsc
d2a4871cbbc274476d1cc94ba2380d53e2f84e23a2cfe70ff81f2bc26f489799 16012 weechat_1.7-3.debian.tar.xz
661a5e0b8158dfd5f04214163bf52a966c4c55d324f5779f7bc43aa8b444e350 697740 weechat-core_1.7-3_amd64.deb
c6ac021294be3df30a51cc3b2ed766958db364592a4abbc26517facd8d9638e0 403468 weechat-curses_1.7-3_amd64.deb
3fcfd3ef3dfe83cd79cd81bff2789fa49069d7e43224a92e848bf80c452a7731 3751000 weechat-dbg_1.7-3_amd64.deb
e65683b6c63a4840ee848162900b568e238929658642623d3c77fa699bb32927 68126 weechat-dev_1.7-3_all.deb
fd830b4d5d14c7cb735d98df8da46885c58c52cfa6ffa6dc9a92e0f29876e718 838638 weechat-doc_1.7-3_all.deb
bed2f48c6a5548df2b763d4571a4d8745427aac14818bf20a8c59dae5ea62e09 493944 weechat-plugins_1.7-3_amd64.deb
23286be13bb1a32dae0fbc6f6dccec4be6a6cc231a2cf1a8a1a3364969bee7e5 55724 weechat_1.7-3_all.deb
cf28b51e3297cb3cec2705167cb065c2d06d695792297749e9e0511a0e480411 11193 weechat_1.7-3_amd64.buildinfo
Files:
a0c024790ea8e0c8410a949495c80aa8 2484 net optional weechat_1.7-3.dsc
4539a2c5793a06ea0422cd65b6b89447 16012 net optional weechat_1.7-3.debian.tar.xz
47fe5cf02ba33b395c5f5eb60d931027 697740 net optional weechat-core_1.7-3_amd64.deb
64c9b93a9088a8ba158b4c7b8fd9567d 403468 net optional weechat-curses_1.7-3_amd64.deb
2b62ba7ad2703ddddc9f870cc434975f 3751000 debug extra weechat-dbg_1.7-3_amd64.deb
16766f5bd3be6273aa71f269ecd01110 68126 devel optional weechat-dev_1.7-3_all.deb
fe195f130037719ae2ef4968f3c8bbb1 838638 doc optional weechat-doc_1.7-3_all.deb
46ae39e88d8b805323685358eb02f6f2 493944 net optional weechat-plugins_1.7-3_amd64.deb
f0edb2bda6578b60d266b9b4b26f2b4b 55724 net optional weechat_1.7-3_all.deb
da38ccbc3390479125ca6e5240826a4f 11193 net optional weechat_1.7-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETQ1Tfow3vJnf8QuHSwd3I5KdQsMFAlj/E0oACgkQSwd3I5Kd
QsM9SA/+IW2uVPDMV03pR/FNrj3kGewbAe+kjuSADkJAuBq7PbOPnCsL9GzCetg0
XnpGQdnNDk7YqwRv5as6Xv/FzWCsPsftshPfb845aXdrRLn8Bml+ojFJxfzxqpX6
cNgV9YazOdkJIzI78swR9V3zGE4PAJKXpy5qdcm+iAFKkmYQbEun4suIhLqLHF6T
0RruAaWZnbmDW4p7foLzgTp5pTv+eZljXbFyBIpNQN4t8SN8iitM8rShhW/StVbU
t1NMZDNlM3LXBnFtqpyR+hroLYjXk8HXtrHc756u85tHfTlo7iCbl7w60uPIe4Kr
FQqMaSpEYmxwfnQB3WF7qfvgkSCKqU8H3sHyMj8oQg3tuyruN+n2aq3pcrc2RH4M
+bxHQ2948WxY/A5qcf+FRKCgS+O6I01riR5y8Nmoa1JYuQA1uxKOH7vTaCdbMrC0
HrNW+/WTEJrp/2eNsqXxKHqAvCNWcNNEUQa492SdOU10qbHE/cCRDmoZYskG6o4K
7C6kjR21JKw0bUa/WrzH+vuwsLaP/9UNq8RIRLYS4z1H2NV9xqB4qxWAoO/2r8Tw
S1mDYEXIBDBQZUsBn5jWj5e6Pz49u/0fZ7EfYv2a01OOs/jp9Vhz03Oe7KI4jXKz
kXvskMsK8CPoPHqAfmDB4L8mPp8LNSV1cNF2TfWp3S+yjFSrCrs=
=FS7e
-----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Fri, 28 Apr 2017 10:36:13 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Fri, 28 Apr 2017 10:36:13 GMT) (full text, mbox, link).
Message #17 received at 861121-close@bugs.debian.org (full text, mbox, reply):
Source: weechat
Source-Version: 1.0.1-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861121@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated weechat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 25 Apr 2017 07:01:43 +0200
Source: weechat
Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc weechat-dev weechat-dbg
Architecture: all source
Version: 1.0.1-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Emmanuel Bouthenot <kolter@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 861121
Description:
weechat - Fast, light and extensible chat client
weechat-core - Fast, light and extensible chat client - core files
weechat-curses - Fast, light and extensible chat client - console client
weechat-dbg - Fast, light and extensible chat client - debugging symbols
weechat-dev - Fast, light and extensible chat client - development headers
weechat-doc - Fast, light and extensible chat client - documentation
weechat-plugins - Fast, light and extensible chat client - plugins
Changes:
weechat (1.0.1-1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* irc: fix parsing of DCC filename (CVE-2017-8073) (Closes: #861121)
Checksums-Sha1:
9c36a0184acfc045cdf9182d5e8d78f15003c8c0 2611 weechat_1.0.1-1+deb8u1.dsc
6ff5ab2a5b2044dbdc555d00053cc32315703566 1662196 weechat_1.0.1.orig.tar.xz
3a98df11362fcf304b96dd9ce51c25b9ac40ecc5 15140 weechat_1.0.1-1+deb8u1.debian.tar.xz
b8e3ae40189a3ecae1c78e55879866d4822cf316 48720 weechat_1.0.1-1+deb8u1_all.deb
fd4369e583c7509f97790f96e210ac900a08a72f 775034 weechat-doc_1.0.1-1+deb8u1_all.deb
48d5dba1530b303290c1d1c04384cc6f695186ef 60228 weechat-dev_1.0.1-1+deb8u1_all.deb
Checksums-Sha256:
3bdaeffdad111b6dfe6d0d04fdf71c099108c7ad30c49748e7b9ee22d959b8e0 2611 weechat_1.0.1-1+deb8u1.dsc
3ce0ec8a2f3a4c4f10fb0e49f71128c914b04368ce3e55a7cc378ad6c5664d7a 1662196 weechat_1.0.1.orig.tar.xz
e010fa2351011699d065035a6ca730e4f3f72a44e6744d87fca88d50e534bac0 15140 weechat_1.0.1-1+deb8u1.debian.tar.xz
820567af38f71d8e99665b041150b013e64538e28e48250788883de21ea0ecdd 48720 weechat_1.0.1-1+deb8u1_all.deb
29b716635578e7aab8cac25d229db57c7cdf2d4ce5ae2b63a60ada69c78633dc 775034 weechat-doc_1.0.1-1+deb8u1_all.deb
084a1c005a373677b53afda7e624f6e20ab8f1bd92be4c5d2e2631bfad2c278b 60228 weechat-dev_1.0.1-1+deb8u1_all.deb
Files:
9df928d3d80fa91c6f4121e4ce69401e 2611 net optional weechat_1.0.1-1+deb8u1.dsc
6a2d15eae08bb83499400e0255f31431 1662196 net optional weechat_1.0.1.orig.tar.xz
92167bf6935d34844f41ba6b596f1198 15140 net optional weechat_1.0.1-1+deb8u1.debian.tar.xz
1ab9d7a9605dae2152b37a91cf9c3e92 48720 net optional weechat_1.0.1-1+deb8u1_all.deb
2cbf6fcc22323cda0f3c60fd5106e4a5 775034 doc optional weechat-doc_1.0.1-1+deb8u1_all.deb
b23cba510535d945429a2ae1742ebb87 60228 devel optional weechat-dev_1.0.1-1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlj+3/JfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E/VsP/3U/mzVKBwnnIRWDkJCPnmFGPNxJAE2z
XBfLMN5LsoU2ssIyeTIYXKIvw6ZUYqRHi/DzAlMTegs3cYCrw0Hb+K7zsp2nlL4h
OecHsDFfkScMvTHy5vffx1GlKxaKawLMYKWG9xOD3MBKyKqEqz4hEzh+SuAaD81D
A0gJx2sdT6Fa0j3j3EC4jPFmRn90Lm3tYPTxlENA7HA0i4MUSSh4sYHW/tfV23ub
t8xWuYVPb0ttHe2Jj2RnH1YgXqhqRAb1XwQfpgmUeHnQWvbd+NuMP+bX6rgifzCV
n4ngF3txL+dLjekEzYF5CI2hh60KXlTH5KYQ0knj4JBjndwzWme9HYqzh8f4YGsC
Nj6gCvbk67PN3ZmZbtF6kiwuDWrf4Tl+V5VIfSuQQtz0SjUrDeA1HrlLWQ9wzu7F
2REhQMvIai2quleEW22S6b7tIff1K913pKi19eyHtYmRKHhxDcvGPCHo3z6L+9Dk
3hpJJN7Ur9MkWPU6/ow8pFo7oXWqyHPJAEX6cPL6nJ/1O9IdGkfXEAd3EL8wj8G6
8V4hDkuFBzpk+oYqkHjNtqnPAQa7xQzsO2q13DPYIZUqI1MW0wY5dq/kKSSTC95o
cYnrp+byKa3IXMxofMQ5DbAbDDmpbF9K3RX0LGUsOYwDppSD8uZ4tuClgcqVbWon
imUKpYlhZ/hS
=2yfm
-----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sat, 29 Apr 2017 16:03:11 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sat, 29 Apr 2017 16:03:11 GMT) (full text, mbox, link).
Message #22 received at 861121-close@bugs.debian.org (full text, mbox, reply):
Source: weechat
Source-Version: 1.6-1+deb9u1
We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861121@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated weechat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 29 Apr 2017 16:31:58 +0200
Source: weechat
Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc weechat-dev weechat-dbg
Architecture: all source
Version: 1.6-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Emmanuel Bouthenot <kolter@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 861121
Description:
weechat - Fast, light and extensible chat client
weechat-core - Fast, light and extensible chat client - core files
weechat-curses - Fast, light and extensible chat client - console client
weechat-dbg - Fast, light and extensible chat client - debugging symbols
weechat-dev - Fast, light and extensible chat client - development headers
weechat-doc - Fast, light and extensible chat client - documentation
weechat-plugins - Fast, light and extensible chat client - plugins
Changes:
weechat (1.6-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* irc: fix parsing of DCC filename (CVE-2017-8073) (Closes: #861121)
Checksums-Sha1:
b510ecd30a66a674045f8f207ed993540ba3369d 2667 weechat_1.6-1+deb9u1.dsc
69bc1f3ff6677a1fb9b193966be1ee92402ff774 15672 weechat_1.6-1+deb9u1.debian.tar.xz
75f025b6d6bd474b7ac9abc780af214102929206 67216 weechat-dev_1.6-1+deb9u1_all.deb
55d7e981e532e01910edd59edb019a16eeebcdc8 820540 weechat-doc_1.6-1+deb9u1_all.deb
017ff5a9535007e9db8466b9bf2f1ca089172645 54838 weechat_1.6-1+deb9u1_all.deb
Checksums-Sha256:
345f0a7a9fa526c28f8d9954731a338f4f96f4ae31ad7127007bd5a83f5507bc 2667 weechat_1.6-1+deb9u1.dsc
249e863b2e66f359d1c80d13b2bef1587f5376edbd2b66158d2d27fee0002fd9 15672 weechat_1.6-1+deb9u1.debian.tar.xz
22e2a0673cc6906104477579235ab073528da15ea2ed8908999633a6f9d1eeb6 67216 weechat-dev_1.6-1+deb9u1_all.deb
c4cd714fd44c429428d9a426c4ea28e188b911fcaf6fc7863a477eec8b7cb448 820540 weechat-doc_1.6-1+deb9u1_all.deb
bee62acec12c9acd6daf81aced7005b52c4f201c8b103f48480cb38f7399402c 54838 weechat_1.6-1+deb9u1_all.deb
Files:
2f692f57cb51b19848c54218d62888da 2667 net optional weechat_1.6-1+deb9u1.dsc
aa32aa2f5a689a1281dafbdee421a61d 15672 net optional weechat_1.6-1+deb9u1.debian.tar.xz
e5ddc25a67c4e8b87cf2b9223ab24c46 67216 devel optional weechat-dev_1.6-1+deb9u1_all.deb
f182d899ca2f2e1d1b5d2bd7777b3c54 820540 doc optional weechat-doc_1.6-1+deb9u1_all.deb
3307cc90e9d07f8465566d6a8920db49 54838 net optional weechat_1.6-1+deb9u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkEslhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EM/oP/j/Jtb3tSECmGQHRLwi5YutxxmBU5OrU
qQMvTsvT85+4utspTcvV5vjM4PiBwcL/mYoxu87hbtny0z7Dk/ADAzX5NtDwkeUS
pv3FY2VyarCvPPTWGmBoyvk+1Iq1kCMhoD0heiSsl4e2DrtJRbytWMTuPNpbXdH8
vQBbuu+FKjIniJjzDxFQqGwDVrV96QkVcZvmWo6h4hbT/2msIbWO9rVTq1WQRESN
uf2c23YAL5U+DXq81o0gl/CWC8+CcLY6i2Z6DFjpYrmX+5a9IpkcfIBPOeYvy5jz
nYKmvpg9VxJIb0GPqrRO2uVO2XpNSeBzZAz8lDjBIykkoA5UfCwW+9UHqU/Zb5rN
R25x1Ler92N3V65r6+KrMtOgv/1bRcM688J7zmHKe7IbbtpIb27ubMFd40F/0hU8
XM1jyHzlq2SHuyzRkRtBlSrOn22mMiFhiVVHXyEDFmRk6kbHNhDljGjJ/Mpxa4An
r6hT2T3SvGb1FGqCLamDOLq7odHOfd3Ncpswh/ESBF4ZEfZIW+lcBinwBMETkSr8
p/VmZAVUJvRD6oiWZz2X8DMeamqW+1Bgh9154reXpqAHDF1+UFxXjZeE5w/7KRUd
d3tDPjC68DkwePVFCZanpS8gsZ9XHf/DIrplwcYZ7iCojZQT1YAP0jFjut1FVyX5
DD5jlZtXhkg/
=Ka6+
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Emmanuel Bouthenot <kolter@debian.org>:
Bug#861121; Package src:weechat.
(Mon, 01 May 2017 09:27:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Eivind Uggedal <eivind@uggedal.com>:
Extra info received and forwarded to list. Copy sent to Emmanuel Bouthenot <kolter@debian.org>.
(Mon, 01 May 2017 09:27:06 GMT) (full text, mbox, link).
Message #27 received at 861121@bugs.debian.org (full text, mbox, reply):
Weechat version 1.5-1~bpo8+10 in jessie-backports is still vulnerable
to CVE-2017-8073.
The same for 1.0.1-1~bpo70+1 in weezy-backports.
Information forwarded
to debian-bugs-dist@lists.debian.org, Emmanuel Bouthenot <kolter@debian.org>:
Bug#861121; Package src:weechat.
(Wed, 03 May 2017 12:15:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Emmanuel Bouthenot <kolter@openics.org>:
Extra info received and forwarded to list. Copy sent to Emmanuel Bouthenot <kolter@debian.org>.
(Wed, 03 May 2017 12:15:03 GMT) (full text, mbox, link).
Message #32 received at 861121@bugs.debian.org (full text, mbox, reply):
Eivind,
On Mon, May 01, 2017 at 11:17:17AM +0200, Eivind Uggedal wrote:
> Weechat version 1.5-1~bpo8+10 in jessie-backports is still vulnerable
> to CVE-2017-8073.
>
> The same for 1.0.1-1~bpo70+1 in weezy-backports.
Both were uploaded a few hours ago.
Regards,
--
Emmanuel Bouthenot
mail: kolter@{openics,debian}.org gpg: 4096R/0x929D42C3
xmpp: kolter@im.openics.org irc: kolter@{freenode,oftc}
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 01 Jun 2017 07:25:24 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:20:42 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon