irssi: multiple vulnerabilities fixed in irssi 1.0.5

Debian Bug report logs - #879521
irssi: multiple vulnerabilities fixed in irssi 1.0.5

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Yves-Alexis Perez <corsac@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: irssi: multiple vulnerabilities fixed in irssi 1.0.5

Date: Sun, 22 Oct 2017 17:22:09 +0200

Source: irssi
Severity: grave
Tags: security
Justification: user security hole

Hi,

irssi 1.0.5 has been released, fixing multiple vulnerabilities

(a) When installing themes with unterminated colour formatting
    sequences, Irssi may access data beyond the end of the
    string. (CWE-126) Found by Hanno Böck.

    CVE-2017-15228 was assigned to this issue.

(b) While waiting for the channel synchronisation, Irssi may
    incorrectly fail to remove destroyed channels from the query list,
    resulting in use after free conditions when updating the state
    later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672)

    CVE-2017-15227 was assigned to this issue.

(c) Certain incorrectly formatted DCC CTCP messages could cause NULL
    pointer dereference. Found by Joseph Bisch. This is a separate,
    but similar issue to CVE-2017-9468. (CWE-690)

    CVE-2017-15721 was assigned to this issue.

(d) Overlong nicks or targets may result in a NULL pointer dereference
    while splitting the message. Found by Joseph Bisch. (CWE-690)

    CVE-2017-15723 was assigned to this issue.

(e) In certain cases Irssi may fail to verify that a Safe channel ID
    is long enough, causing reads beyond the end of the string. Found
    by Joseph Bisch. (CWE-126)

    CVE-2017-15722 was assigned to this issue.

Can you prepare updates for sid, stretch and jessie (please coordinate with security team at team@security.debian.org for the latter two)? Please add CVE numbers to the changelog so we can track them easily.

Regards,
-- 
Yves-Alexis
Debian security team

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Message #10 received at submit@bugs.debian.org (full text, mbox, reply):

From: Yves-Alexis Perez <corsac@debian.org>

To: 879521@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Re: Bug#879521: irssi: multiple vulnerabilities fixed in irssi 1.0.5

Date: Sun, 22 Oct 2017 17:30:11 +0200

[Message part 1 (text/plain, inline)]

On Sun, 2017-10-22 at 17:22 +0200, Yves-Alexis Perez wrote:
> Can you prepare updates for sid, stretch and jessie (please coordinate with
> security team at team@security.debian.org for the latter two)? Please add
> CVE numbers to the changelog so we can track them easily.

By the way, fixes against master are here:

https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1

Regards,
-- 
Yves-Alexis Perez - Debian Security

[signature.asc (application/pgp-signature, inline)]

Message #26 received at 879521-close@bugs.debian.org (full text, mbox, reply):

From: Rhonda D'Vine <rhonda@debian.org>

To: 879521-close@bugs.debian.org

Subject: Bug#879521: fixed in irssi 1.0.5-1

Date: Mon, 06 Nov 2017 16:20:53 +0000

Source: irssi
Source-Version: 1.0.5-1

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879521@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rhonda D'Vine <rhonda@debian.org> (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 06 Nov 2017 16:24:38 +0100
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.5-1
Distribution: unstable
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Rhonda D'Vine <rhonda@debian.org>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 879521
Changes:
 irssi (1.0.5-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #879521):
     - Fix missing -sasl_method '' in /NETWORK.
     - Fix incorrect restoration of term state when hitting SUSP
       inside screen.
     - Fix out of bounds read when compressing colour
       sequences. Found by Hanno Böck. [CVE-2017-15228]
     - Fix use after free condition during a race condition when
       waiting on channel sync during a rejoin [CVE-2017-15227]
     - Fix null pointer dereference when parsing certain malformed
       CTCP DCC messages. [CVE-2017-15721]
     - Fix crash due to null pointer dereference when failing to
       split messages due to overlong nick or target. [CVE-2017-15723]
     - Fix out of bounds read when trying to skip a safe channel ID
       without verifying that the ID is long enough. [CVE-2017-15722]
     - Fix return of random memory when inet_ntop failed.
     - Minor statusbar help update.
   * Remove deprecated --with autotools_dev call to dh.
   * Bump Standards-Version to 4.1.1.
   * Change priority of irssi-dev from deprecated extra to optional.
   * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
     directly.
Checksums-Sha1:
 b56b9aaa3574c322b6ed64c77ecd2f2d64253277 2151 irssi_1.0.5-1.dsc
 13893183e596c4022d98724ad403328a74056cd7 1032308 irssi_1.0.5.orig.tar.xz
 d40d9648e92fe9a52dd34b566780684235accd9c 195 irssi_1.0.5.orig.tar.xz.asc
 d2dbb435bccda3ae71426618714d94b6bf4a428a 19884 irssi_1.0.5-1.debian.tar.xz
 c870c8de8f6adf83eae38ad0aa7fd8b661baa5c9 2963896 irssi-dbgsym_1.0.5-1_amd64.deb
 778b6b2ecc4887e710868c37d5270f7f741a63b7 452136 irssi-dev_1.0.5-1_amd64.deb
 5c866e8a7b78a835c65e649467c8655661519745 7159 irssi_1.0.5-1_amd64.buildinfo
 0d5df3a17683a5d42b510c2916ed28dbbfd65407 1083528 irssi_1.0.5-1_amd64.deb
Checksums-Sha256:
 3ca30faa5f73f3b52e8b2bbb80b4cd2b726f58d880bd66102fca82c79d8a15f9 2151 irssi_1.0.5-1.dsc
 c2556427e12eb06cabfed40839ac6f57eb8b1aa6365fab6dfcd331b7a04bb914 1032308 irssi_1.0.5.orig.tar.xz
 876f23ecbb27956d5f5f0fb2dab4035d75a4f23e64c7c4d84436a5e62b8460b1 195 irssi_1.0.5.orig.tar.xz.asc
 3478e90572fb92f2601ca96fc6c99d7b5a262e3bcf9fd8ff25ef1e1d049a1bb5 19884 irssi_1.0.5-1.debian.tar.xz
 6bb23ee3dfe32e374cec3d31c1243774895d513a8194693a65a850a9943e64b3 2963896 irssi-dbgsym_1.0.5-1_amd64.deb
 74f2f60e52dd58f6e354e677d6716bdd676c5e680a8a2ca9fa2161e3078abca1 452136 irssi-dev_1.0.5-1_amd64.deb
 17b09e70b4374e5bf6e850c7046f0ad143b20f1397dda21737edbb36e8fa5f04 7159 irssi_1.0.5-1_amd64.buildinfo
 1dbce44cc76b20db1a8ce06905223ffd055e59c59bb9522f072ffbe388bc074d 1083528 irssi_1.0.5-1_amd64.deb
Files:
 23049c3c5c839d39eb3e0759f43f932f 2151 net optional irssi_1.0.5-1.dsc
 21357ac5e9970fa0c79ca971a9a01270 1032308 net optional irssi_1.0.5.orig.tar.xz
 df7eef66faf0620d0b26decf3ddaf43d 195 net optional irssi_1.0.5.orig.tar.xz.asc
 b19a4a9d848dfb9782bec430da4b43d7 19884 net optional irssi_1.0.5-1.debian.tar.xz
 4aa6ddb64ee9562680ea867b6c1013f5 2963896 debug optional irssi-dbgsym_1.0.5-1_amd64.deb
 590907ea3401003795878c0e4c15065e 452136 net optional irssi-dev_1.0.5-1_amd64.deb
 4076739ce9ef711be22959ebf416305b 7159 net optional irssi_1.0.5-1_amd64.buildinfo
 371c4021692bef64da5926e053c5cb91 1083528 net optional irssi_1.0.5-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELHLzKO0XByBPs0mU3ugEPuF+uzAFAloAhksACgkQ3ugEPuF+
uzCAIw/+IWN3gQZ/XFrWDVpiU+ktWqhRDuQKHgbO39NTWlUMK0rbCgyhNrMu/ePo
k9omZ4jM3nznjH8kT6KfYW2+fcq+vKRucyd0FJoA/9mzV8HOKkQwe5xMJBHwzf18
hg/eIm+BBNzoyGsY6iYOQVOfaCoa0Wl/fh5Ggk3dat2yLBHlcdMPpETkuzXXrWmi
vAIEQ7d/JLLiEYYiUU6qoFAvVfwHA4PV7M9W9g87aWnEaNsAN7Dx+1iEU90lzKCS
cGZnm85nX6m7S6GVov3cSO9KsY4aLblM9RQvRVi7bXVzxUTCraHvrQW85b/1VMQR
D7ZON6CBlC1q9kE31peRmFuDS6083ZfXnDF+F/sUXSszsAJ1bTl3jfXrgUk6SiN9
T1nbU7G1kSYkHvWYFoHBnG5xq8l/jJQGVO1MJiKSI2JCzyjRleoKhPY89WTchHFu
tHXQLbzTb6dZC8qfl4iM5EPjEtcQFsq5ZCCIci7khGv8adGKMlXZMePaQJN3THzG
KGCOx6GXpwYTa/rGajXTxreh8aTttzrN+BIUmbtczXuUQiBnmrfn5/arbb9qsB7u
Kx3kR31qCfiRKAnhWiayG/tNprf3O9aDCQ1dYjN7DbKQFTcaKPXC8zE8mhmG47rm
mKC0akgBGcBlEgn4xoTzcp1Nfh4V476Epdx7qgFhJaALViAoCfg=
=y/lP
-----END PGP SIGNATURE-----

Message #31 received at 879521-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 879521-close@bugs.debian.org

Subject: Bug#879521: fixed in irssi 1.0.2-1+deb9u3

Date: Sun, 12 Nov 2017 15:33:02 +0000

Source: irssi
Source-Version: 1.0.2-1+deb9u3

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879521@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Nov 2017 23:00:22 +0100
Source: irssi
Binary: irssi irssi-dev
Architecture: source
Version: 1.0.2-1+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 879521
Description: 
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Changes:
 irssi (1.0.2-1+deb9u3) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address IRSSI-SA-2017-10.
     - CVE-2017-15228: Unterminated colour formatting sequences may cause
       data access beyond the end of the buffer.
     - CVE-2017-15227: Failure to remove destroyed channels from
       the query list while waiting for the channel synchronisation
       may result in use after free conditions when updating the
       state later on.
     - CVE-2017-15721: Certain incorrectly formatted DCC CTCP messages
       could cause NULL pointer dereference.
     - CVE-2017-15723: Overlong nicks or targets may result in a NULL
       pointer dereference while splitting the message.
     - CVE-2017-15722: Read beyond end of buffer may occur if a Safe
       channel ID is not long enough.
     (Closes: #879521)
Checksums-Sha1: 
 8c2eaba7e87cc4e998b73e0d7f8b6943a07478a0 2093 irssi_1.0.2-1+deb9u3.dsc
 9e6660d6f8eb105cd84fc51e0467f46b799583bd 23200 irssi_1.0.2-1+deb9u3.debian.tar.xz
Checksums-Sha256: 
 879138ebd05e9e853357979b7791c43ae76586686e6de8d870b7a8ab1f4ea50a 2093 irssi_1.0.2-1+deb9u3.dsc
 f7a205277275b7ac03d7a05743ee8df841955c8287802c0b2f38d321b4cc0dc5 23200 irssi_1.0.2-1+deb9u3.debian.tar.xz
Files: 
 8874e4e0bdbd1dc82b2cf12289d5d0ab 2093 net optional irssi_1.0.2-1+deb9u3.dsc
 113bb55eb6aeaaf879032cb4c8c7f7dc 23200 net optional irssi_1.0.2-1+deb9u3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAln6RRpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ELIwP/3tGeLtprSCeaXwFGp3pSJbEQdtW8B8k
/XaIhmNbMx0fXoLQkp9fv6O/4KFCYEtK94L/p4xIGW1PNkXIpor9S2KUIJSFGZmS
0qvB3A97/y6qWorJI2yFJAA0Derg5tuohZg3fGEA9g38/b5t2wzGNSEHzVW0WiPp
v9fGGDkW00uG76v1VuQ5dVz7pseLxqvIJnW8GWO5ZsKRMCSRC2G+Sy6/MbRvbxq3
R73mCjyfRGT6TMcvnnPb9mJx4x+nnT47FDi3yuGVUWgVu0TAE1uhGWXsNx8M+PIr
DTXpAQGPgd8iAbbVVJO0Mkfe9PhT1hnfYKUzdCBu1rhubl/en/f3hpuXG7xRCHNp
6Pp265SNgzgTclYFIA89+daMBxHXWf+I9AQA7wDNMydnoM+2EYYdTjyA6dhXcn15
M7cgbeByZW0KtB3O5SOhyYhGiIeTPForW3psDbsiaJo9IiD6MzJQieJz/1S5pDTw
tqy0Us8yhCBhOF7DX5RzIVyWB/gN4us32eViVk2bs4hg1j336LIKa1FoqsDS2RUr
dajAWPQ60UmRvUe8Nmnr+VxvTCvb3iFVEhjY1hKSwM9e90rD9mR2zhomJMAAaVVK
MgpFghBtt1QssIKHC00mxd0nVGBXaknMzKhayXvM8BAcOOdJoe2w30nT1fegM02+
BnZq06AGHTGQ
=6Wv0
-----END PGP SIGNATURE-----

Message #36 received at 879521-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 879521-close@bugs.debian.org

Subject: Bug#879521: fixed in irssi 0.8.17-1+deb8u5

Date: Sat, 18 Nov 2017 22:18:55 +0000

Source: irssi
Source-Version: 0.8.17-1+deb8u5

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879521@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Nov 2017 22:57:01 +0100
Source: irssi
Binary: irssi irssi-dbg irssi-dev
Architecture: source
Version: 0.8.17-1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 867598 879521
Description: 
 irssi      - terminal based IRC client
 irssi-dbg  - terminal based IRC client (debugging symbols)
 irssi-dev  - terminal based IRC client - development files
Changes:
 irssi (0.8.17-1+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address IRSSI-SA-2017-07.
     - CVE-2017-10965: NULL pointer dereference when receiving messages
       with invalid timestamp.
     - CVE-2017-10966: Use after free after nicklist structure has been
       corrupted while updating a nick group.
     (Closes: #867598)
   * Address IRSSI-SA-2017-10.
     - CVE-2017-15228: Unterminated colour formatting sequences may cause
       data access beyond the end of the buffer.
     - CVE-2017-15227: Failure to remove destroyed channels from
       the query list while waiting for the channel synchronisation
       may result in use after free conditions when updating the
       state later on.
     - CVE-2017-15721: Certain incorrectly formatted DCC CTCP messages
       could cause NULL pointer dereference.
     - CVE-2017-15723: Overlong nicks or targets may result in a NULL
       pointer dereference while splitting the message.
     - CVE-2017-15722: Read beyond end of buffer may occur if a Safe
       channel ID is not long enough.
     (Closes: #879521)
Checksums-Sha1: 
 bcad573eb51b1e0b2c2267bcf21e40debf9a8160 2151 irssi_0.8.17-1+deb8u5.dsc
 cf97bb384b3f36703329ac1612c4f2dc182a1bdd 27372 irssi_0.8.17-1+deb8u5.diff.gz
Checksums-Sha256: 
 bc97705385b66c97397177bbb191a7313f09ec349206b3e30d82c9d6bf7c1c93 2151 irssi_0.8.17-1+deb8u5.dsc
 d92970a38877b64ea2364aae5b56befd439dab6bf243b63c4e39584775e79702 27372 irssi_0.8.17-1+deb8u5.diff.gz
Files: 
 91f8508a09a6ed850f85718568dd1e59 2151 net optional irssi_0.8.17-1+deb8u5.dsc
 ee65eea42cc98a7be56586f99dabea0a 27372 net optional irssi_0.8.17-1+deb8u5.diff.gz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAln6RC1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EnhkP/1eoyv7BG6z+s8VuoLl/P1+q3acSAQ9O
9r1naateTXcpxDADxxZeName66IrTY+oKKYWOohuaScebVa3Lzm+PdtcFDCUZYJW
OuDZL3qcBwO7ti0sKxfX8+vf8j6XKDnUjsFiTEueYDsXkf2wKhwKbzj57k/KHoi3
j7wp+aM89u5JqXQf8S3nGKVUdLB6MaZz7wDYJO0tdEKBlEn+Og6f850ykx7D23S9
63AfJtLXgGxc5e+pDO3qhWnSNZRvRb78AB1ID3c+eHIVxi1GbTPCPk+JEawsqPr6
ZwEP9oIYls2r8ODls9GADHAxuOUoXDuGUArL1EZKgwQSkJNEqlCntY4bje3nGCEx
XWYGUhuJwgsyt8RdBiLry7mRES2GbqGOAGf+blTE8TcStNac7slylUcbezCnB45H
CtFt3gYClIt9qr1a9KJgrywwVSS1ZiJ4JlDA34wuBOZBIyNxa9ZFXkq54ntAsNVT
f8eBdM5v1MVxjw5kVbO+S2KqowNByXzJwNU8dZS42hX1NOcHp9stk17ufKsj/mBA
p1TAp6wUGgRgT9M5M8p89etg2YxevmfqGKjzfUCbNvRm60BT6FLko+CuJHHis+fT
w8u0qajYaiIgOOEyNK2psCD93QIT9BZQ+BeXwoiHK503+AtcUjOhn0FENyX6aCIo
r1FoUT2XPZr2
=iaIQ
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.