irssi: CVE-2018-7051

Debian Bug report logs - #890677
irssi: CVE-2018-7051


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 17 Feb 2018 15:48:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version irssi/0.8.17-1

Fixed in versions irssi/1.0.7-1, irssi/1.0.7-1~deb9u1

Done: Rhonda D'Vine <rhonda@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, Rhonda D'Vine <rhonda@debian.org>:
Bug#890677; Package src:irssi. (Sat, 17 Feb 2018 15:48:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, Rhonda D'Vine <rhonda@debian.org>. (Sat, 17 Feb 2018 15:48:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: irssi: CVE-2018-7051
Date: Sat, 17 Feb 2018 16:44:31 +0100
Source: irssi
Version: 0.8.17-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for irssi.

CVE-2018-7051[0]:
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
| Certain nick names could result in out-of-bounds access when printing
| theme strings.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7051
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7051
[1] https://irssi.org/security/irssi_sa_2018_02.txt
[2] https://github.com/irssi/irssi/commit/e32e9d63c67ab95ef0576154680a6c52334b97af

Regards,
Salvatore



Reply sent to Rhonda D'Vine <rhonda@debian.org>:
You have taken responsibility. (Tue, 06 Mar 2018 15:54:12 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 06 Mar 2018 15:54:12 GMT)


Message #10 received at 890677-close@bugs.debian.org:

From: Rhonda D'Vine <rhonda@debian.org>
To: 890677-close@bugs.debian.org
Subject: Bug#890677: fixed in irssi 1.0.7-1
Date: Tue, 06 Mar 2018 15:51:51 +0000
Source: irssi
Source-Version: 1.0.7-1

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890677@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rhonda D'Vine <rhonda@debian.org> (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 06 Mar 2018 14:42:44 +0100
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.7-1
Distribution: unstable
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Rhonda D'Vine <rhonda@debian.org>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 886475 890674 890675 890676 890677 890678
Changes:
 irssi (1.0.7-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #886475):
     From 1.0.6:
     - Fix invalid memory access when reading hilight configuration
       (#787, #788).
     - Fix null pointer dereference when the channel topic is set
       without specifying a sender [CVE-2018-5206]
     - Fix return of random memory when using incomplete escape
       codes [CVE-2018-5205]
     - Fix heap buffer overflow when completing certain strings
       [CVE-2018-5208]
     - Fix return of random memory when using an incomplete
       variable argument [CVE-2018-5207]
 .
     From 1.0.7:
     - Prevent use after free error during the execution of some
       commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
     - Revert netsplit print optimisation due to crashes
     - Fix use after free when SASL messages are received in
       unexpected order [CVE-2018-7053] (closes: #890675)
     - Fix null pointer dereference in the tab completion when an
       empty nick is joined [CVE-2018-7050] (closes: #890678)
     - Fix use after free when entering oper password
     - Fix null pointer dereference when too many windows are
       opened [CVE-2018-7052] (closes: #890676)
     - Fix out of bounds access in theme strings when the last
       escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
       (closes: #890677)
     - Fix out of bounds write when using negative counts on window
       resize
     - Minor help correction. By William Jackson
 .
   * Fix watch URL.
   * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
   * Bump Standards-Version to 4.1.3.
   * Add lintian overrides for the spelling of "hilight" in the changelog
     mentioning the lintian overrides for the spelling of "hilight" in irssi
     itself.




Reply sent to Rhonda D'Vine <rhonda@debian.org>:
You have taken responsibility. (Mon, 02 Apr 2018 17:21:31 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 02 Apr 2018 17:21:31 GMT)


Message #15 received at 890677-close@bugs.debian.org:

From: Rhonda D'Vine <rhonda@debian.org>
To: 890677-close@bugs.debian.org
Subject: Bug#890677: fixed in irssi 1.0.7-1~deb9u1
Date: Mon, 02 Apr 2018 17:17:10 +0000
Source: irssi
Source-Version: 1.0.7-1~deb9u1

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890677@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rhonda D'Vine <rhonda@debian.org> (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 27 Mar 2018 10:22:28 +0200
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.7-1~deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Rhonda D'Vine <rhonda@debian.org>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 879521 886475 890674 890675 890676 890677 890678
Changes:
 irssi (1.0.7-1~deb9u1) stretch-security; urgency=high
 .
   * Security update using upstream version 1.0.7. See changelog entries of
     1.0.7-1 and 1.0.5-1 for the CVE lists.
   * Remove pulled patches that were put on top of 1.0.2.
   * Lower debhelper compat to 10.
 .
 irssi (1.0.7-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #886475):
     From 1.0.6:
     - Fix invalid memory access when reading hilight configuration
       (#787, #788).
     - Fix null pointer dereference when the channel topic is set
       without specifying a sender [CVE-2018-5206]
     - Fix return of random memory when using incomplete escape
       codes [CVE-2018-5205]
     - Fix heap buffer overflow when completing certain strings
       [CVE-2018-5208]
     - Fix return of random memory when using an incomplete
       variable argument [CVE-2018-5207]
 .
     From 1.0.7:
     - Prevent use after free error during the execution of some
       commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
     - Revert netsplit print optimisation due to crashes
     - Fix use after free when SASL messages are received in
       unexpected order [CVE-2018-7053] (closes: #890675)
     - Fix null pointer dereference in the tab completion when an
       empty nick is joined [CVE-2018-7050] (closes: #890678)
     - Fix use after free when entering oper password
     - Fix null pointer dereference when too many windows are
       opened [CVE-2018-7052] (closes: #890676)
     - Fix out of bounds access in theme strings when the last
       escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
       (closes: #890677)
     - Fix out of bounds write when using negative counts on window
       resize
     - Minor help correction. By William Jackson
 .
   * Fix watch URL.
   * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
   * Bump Standards-Version to 4.1.3.
   * Add lintian overrides for the spelling of "hilight" in the changelog
     mentioning the lintian overrides for the spelling of "hilight" in irssi
     itself.
 .
 irssi (1.0.5-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #879521):
     - Fix missing -sasl_method '' in /NETWORK.
     - Fix incorrect restoration of term state when hitting SUSP
       inside screen.
     - Fix out of bounds read when compressing colour
       sequences. Found by Hanno Böck. [CVE-2017-15228]
     - Fix use after free condition during a race condition when
       waiting on channel sync during a rejoin [CVE-2017-15227]
     - Fix null pointer dereference when parsing certain malformed
       CTCP DCC messages. [CVE-2017-15721]
     - Fix crash due to null pointer dereference when failing to
       split messages due to overlong nick or target. [CVE-2017-15723]
     - Fix out of bounds read when trying to skip a safe channel ID
       without verifying that the ID is long enough. [CVE-2017-15722]
     - Fix return of random memory when inet_ntop failed.
     - Minor statusbar help update.
   * Remove deprecated --with autotools_dev call to dh.
   * Bump Standards-Version to 4.1.1.
   * Change priority of irssi-dev from deprecated extra to optional.
   * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
     directly.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 01 May 2018 07:32:07 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:39:40 2019; Machine Name: buxtehude
