[CVE-2012-5854] weechat: Buffer overflow

Debian Bug report logs - #693026
[CVE-2012-5854] weechat: Buffer overflow

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: weechat: Buffer overflow

Date: Mon, 12 Nov 2012 08:53:27 +0100

Package: weechat
Severity: grave
Tags: security
Justification: user security hole

Please see https://savannah.nongnu.org/bugs/?37704

A CVE ID has been requested, but not yet assigned:
http://www.openwall.com/lists/oss-security/2012/11/10/4

Fix:
http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff;h=9453e81baa7935db82a0b765a47cba772aba730d

Since the version in sid is more recent than in Wheezy, you'll need to fix this
through testing-proposed-updates:
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#t-p-u

Cheers,
        Moritz

Message #10 received at 693026@bugs.debian.org (full text, mbox, reply):

From: Emmanuel Bouthenot <kolter@openics.org>

To: debian-release@lists.debian.org

Cc: Moritz Muehlenhoff <jmm@inutil.org>, 693026@bugs.debian.org

Subject: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1

Date: Mon, 12 Nov 2012 14:01:13 +0100

[Message part 1 (text/plain, inline)]

Hi,

I'd like to get your approval about the upload of weechat 0.3.8-2wheezy1
to testing-proposed-updates in order to fix a security issue which could
permit to a remote attacker to crash weechat by forging malicious IRC
messages: http://bugs.debian.org/693026

As said in the bug report, A CVE ID has been requested, but not yet
assigned.

This bug has already been fixed in unstable with the upload of weechat
0.3.9.1-1 a few hours ago.

Attached is the diff.

Thanks for your replies.


Regards,

M.

-- 
Emmanuel Bouthenot
  mail: kolter@{openics,debian}.org    gpg: 4096R/0x929D42C3
  xmpp: kolter@im.openics.org          irc: kolter@{freenode,oftc}

[weechat_0.3.8-2wheezy1.diff (text/x-diff, attachment)]

Message #17 received at 693026@bugs.debian.org (full text, mbox, reply):

From: Emmanuel Bouthenot <kolter@openics.org>

To: debian-release@lists.debian.org

Cc: Moritz Muehlenhoff <jmm@inutil.org>, 693026@bugs.debian.org

Subject: Re: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1

Date: Thu, 15 Nov 2012 08:59:07 +0100

On Mon, Nov 12, 2012 at 02:01:13PM +0100, Emmanuel Bouthenot wrote:
[...]

> I'd like to get your approval about the upload of weechat 0.3.8-2wheezy1
> to testing-proposed-updates in order to fix a security issue which could
> permit to a remote attacker to crash weechat by forging malicious IRC
> messages: http://bugs.debian.org/693026

No opinions?


Regards

M.

-- 
Emmanuel Bouthenot
  mail: kolter@{openics,debian}.org    gpg: 4096R/0x929D42C3
  xmpp: kolter@im.openics.org          irc: kolter@{freenode,oftc}

Message #22 received at 693026@bugs.debian.org (full text, mbox, reply):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

To: Emmanuel Bouthenot <kolter@openics.org>

Cc: debian-release@lists.debian.org, Moritz Muehlenhoff <jmm@inutil.org>, 693026@bugs.debian.org

Subject: Re: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1

Date: Thu, 15 Nov 2012 19:23:11 +0000

On Thu, 2012-11-15 at 08:59 +0100, Emmanuel Bouthenot wrote:
> On Mon, Nov 12, 2012 at 02:01:13PM +0100, Emmanuel Bouthenot wrote:
> > I'd like to get your approval about the upload of weechat 0.3.8-2wheezy1
> > to testing-proposed-updates in order to fix a security issue which could
> > permit to a remote attacker to crash weechat by forging malicious IRC
> > messages: http://bugs.debian.org/693026
> 
> No opinions?

More likely that no-one's had chance to look at it yet, given that the
mail wasn't filed via the BTS, there were less than three days since the
original mail and we've still got quite a few other requests to
process. :-/

Regards,

Adam

Message #27 received at 693026@bugs.debian.org (full text, mbox, reply):

From: Julien Cristau <jcristau@debian.org>

To: debian-release@lists.debian.org, Moritz Muehlenhoff <jmm@inutil.org>, 693026@bugs.debian.org

Subject: Re: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1

Date: Thu, 15 Nov 2012 20:27:29 +0100

[Message part 1 (text/plain, inline)]

On Thu, Nov 15, 2012 at 08:59:07 +0100, Emmanuel Bouthenot wrote:

> On Mon, Nov 12, 2012 at 02:01:13PM +0100, Emmanuel Bouthenot wrote:
> [...]
> 
> > I'd like to get your approval about the upload of weechat 0.3.8-2wheezy1
> > to testing-proposed-updates in order to fix a security issue which could
> > permit to a remote attacker to crash weechat by forging malicious IRC
> > messages: http://bugs.debian.org/693026
> 
> No opinions?
> 
My opinion is you can wait more than a couple days.

Cheers,
Julien

[signature.asc (application/pgp-signature, inline)]

Message #32 received at 693026@bugs.debian.org (full text, mbox, reply):

From: Emmanuel Bouthenot <kolter@openics.org>

To: Julien Cristau <jcristau@debian.org>

Cc: debian-release@lists.debian.org, Moritz Muehlenhoff <jmm@inutil.org>, 693026@bugs.debian.org

Subject: Re: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1

Date: Thu, 15 Nov 2012 21:17:49 +0100

On Thu, Nov 15, 2012 at 08:27:29PM +0100, Julien Cristau wrote:
[...]

> My opinion is you can wait more than a couple days.

Anyway, I've learnt today that it has been discovered another security
issue which will lead to another CVE soon, hence I suggest to wait until
this one will be fixed in unstable.

I'll come back to you for an upload in t-p-u which will fix these two
bugs in a row.


Regards,

M.

-- 
Emmanuel Bouthenot
  mail: kolter@{openics,debian}.org    gpg: 4096R/0x929D42C3
  xmpp: kolter@im.openics.org          irc: kolter@{freenode,oftc}

Message #37 received at 693026@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Julien Cristau <jcristau@debian.org>, debian-release@lists.debian.org, 693026@bugs.debian.org

Subject: Re: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1

Date: Fri, 30 Nov 2012 16:06:41 +0100

On Thu, Nov 15, 2012 at 09:17:49PM +0100, Emmanuel Bouthenot wrote:
> On Thu, Nov 15, 2012 at 08:27:29PM +0100, Julien Cristau wrote:
> [...]
> 
> > My opinion is you can wait more than a couple days.
> 
> Anyway, I've learnt today that it has been discovered another security
> issue which will lead to another CVE soon, hence I suggest to wait until
> this one will be fixed in unstable.
> 
> I'll come back to you for an upload in t-p-u which will fix these two
> bugs in a row.

What's the status?

Cheers,
        Moritz

Message #42 received at 693026@bugs.debian.org (full text, mbox, reply):

From: Emmanuel Bouthenot <kolter@openics.org>

To: Moritz Muehlenhoff <jmm@inutil.org>, 693026@bugs.debian.org

Cc: Julien Cristau <jcristau@debian.org>, debian-release@lists.debian.org

Subject: Re: Bug#693026: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1

Date: Fri, 30 Nov 2012 16:19:28 +0100

On Fri, Nov 30, 2012 at 04:06:41PM +0100, Moritz Muehlenhoff wrote:
[...]

> > Anyway, I've learnt today that it has been discovered another security
> > issue which will lead to another CVE soon, hence I suggest to wait until
> > this one will be fixed in unstable.
> > 
> > I'll come back to you for an upload in t-p-u which will fix these two
> > bugs in a row.
> 
> What's the status?
Following release team members, I filed a bug report.

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693702

M.

-- 
Emmanuel Bouthenot
  mail: kolter@{openics,debian}.org    gpg: 4096R/0x929D42C3
  xmpp: kolter@im.openics.org          irc: kolter@{freenode,oftc}

Message #47 received at 693026-close@bugs.debian.org (full text, mbox, reply):

From: Emmanuel Bouthenot <kolter@debian.org>

To: 693026-close@bugs.debian.org

Subject: Bug#693026: fixed in weechat 0.3.8-1+deb7u1

Date: Mon, 17 Dec 2012 14:48:26 +0000

Source: weechat
Source-Version: 0.3.8-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 693026@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bouthenot <kolter@debian.org> (supplier of updated weechat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 17 Dec 2012 14:13:37 +0000
Source: weechat
Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc weechat-dev weechat-dbg
Architecture: source all amd64
Version: 0.3.8-1+deb7u1
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Emmanuel Bouthenot <kolter@debian.org>
Changed-By: Emmanuel Bouthenot <kolter@debian.org>
Description: 
 weechat    - Fast, light and extensible chat client
 weechat-core - Fast, light and extensible chat client - core files
 weechat-curses - Fast, light and extensible chat client - console client
 weechat-dbg - Fast, light and extensible chat client - debugging symbols
 weechat-dev - Fast, light and extensible chat client - developement headers
 weechat-doc - Fast, light and extensible chat client - documentation
 weechat-plugins - Fast, light and extensible chat client - plugins
Closes: 693026
Changes: 
 weechat (0.3.8-1+deb7u1) testing-proposed-updates; urgency=high
 .
   * Add a patch to fix a crash while decoding IRC colors in strings. A remote
     attacker could exploit this issue by forging malicious IRC messages.
     Fixes CVE-2012-5854. (Closes: #693026)
   * Add a patch to not call a shell to execute command in hook_process (fix
     security issue when a plugin/script gives untrusted command). Fixes
     CVE-2012-5534.
Checksums-Sha1: 
 5c6102cc0fb3d6134c42955a5f258ca942db8df7 2424 weechat_0.3.8-1+deb7u1.dsc
 28e0a2a58eecfe21c92261a003b9082cf4659546 16331 weechat_0.3.8-1+deb7u1.debian.tar.gz
 c6207a252d2a98bd7feb64da00547b228910c6b5 33092 weechat_0.3.8-1+deb7u1_all.deb
 0c1833661fd2752d4b5a72f9d5c0d4d0c162cf30 337290 weechat-curses_0.3.8-1+deb7u1_amd64.deb
 78347cb1e17e3e1232623ce00fa5c902b0493312 930382 weechat-core_0.3.8-1+deb7u1_amd64.deb
 a7e76fdd1476956796af1e7d72c27054cae2c800 498796 weechat-plugins_0.3.8-1+deb7u1_amd64.deb
 c5d5d72b7267b196152efd15dc78c9d13ea4e977 830256 weechat-doc_0.3.8-1+deb7u1_all.deb
 76ebdd117417a3f9e5223abe019f0ca79fd68d2b 46922 weechat-dev_0.3.8-1+deb7u1_all.deb
 fc11cff1fc246e13881aa2436c9f584c4eb076e3 2631480 weechat-dbg_0.3.8-1+deb7u1_amd64.deb
Checksums-Sha256: 
 78ec6be2cca7ae1756136b0a9fff9e5c2f7ebbf5d7ade1e758b2a0686f17cb0e 2424 weechat_0.3.8-1+deb7u1.dsc
 da7ab4e4070c219d7ddc404017fce849ea95d2fc9398b101036eab7019074c72 16331 weechat_0.3.8-1+deb7u1.debian.tar.gz
 7cf9f6386e11914ddd85b351e4fce6237c993b25cff94bec8b1e777bbeb6020c 33092 weechat_0.3.8-1+deb7u1_all.deb
 c8fbe36672737e42e475930975b09ae2803b9ce12e4ac2564467911581a1be59 337290 weechat-curses_0.3.8-1+deb7u1_amd64.deb
 8d6e898826fd3aecf369ed7195ce8bf6ad8101e5d6035ee2ba87f02eae7d80c9 930382 weechat-core_0.3.8-1+deb7u1_amd64.deb
 ee060113ef758c1845e5c2a04d220d031de89bb46e3567a8ac5198a7c20a9c52 498796 weechat-plugins_0.3.8-1+deb7u1_amd64.deb
 e1dd379aa8fa32a1b74dffd6c017728ea989162501001696f61aa0fc2c247062 830256 weechat-doc_0.3.8-1+deb7u1_all.deb
 742b99eae6a43479fde167f0210ab532c4b48d1c2a7725462c08cc7babad6987 46922 weechat-dev_0.3.8-1+deb7u1_all.deb
 897ae8fb9088709ade3772556fcc7ca6c4d2d12148f194a07b3b2bb26aef27f4 2631480 weechat-dbg_0.3.8-1+deb7u1_amd64.deb
Files: 
 504c5985dd6d0adb4447044b73442a28 2424 net optional weechat_0.3.8-1+deb7u1.dsc
 10eea1bc9aa2eb7202a730d915032825 16331 net optional weechat_0.3.8-1+deb7u1.debian.tar.gz
 b4d5afbe77f7cca73e571e19f9175f54 33092 net optional weechat_0.3.8-1+deb7u1_all.deb
 cd07017597738621a963cd76afff10fa 337290 net optional weechat-curses_0.3.8-1+deb7u1_amd64.deb
 7f932cfad469e2be6802be2690ecf5f4 930382 net optional weechat-core_0.3.8-1+deb7u1_amd64.deb
 5987fa3d8b927fe6a9bb239fdda7f036 498796 net optional weechat-plugins_0.3.8-1+deb7u1_amd64.deb
 a7d50f2463e95aa8341de12abc8f26c8 830256 doc optional weechat-doc_0.3.8-1+deb7u1_all.deb
 b2c3df5cf42016fd02d54928f827f214 46922 devel optional weechat-dev_0.3.8-1+deb7u1_all.deb
 9480f4b3199abc66988949bc873ae47d 2631480 debug extra weechat-dbg_0.3.8-1+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJQzy4fAAoJEEsHdyOSnULDHisQAIpo8xTTmrERo8nzVMGxXKcL
2bfM+cYdcIFs+/10eSc7oRAgPmFenK63uK6YKriaXc2slnr1wR45SAfJQDrWtHy5
p2jlSqRneDwEbC6Om2iFHv/nW5BJHNdKZkZUsfsR4r06e4hh0PPSSxIgwyfucR4S
RivfcQpd6jvmZaMA6n2CmwAUZqiEs602MZAloIJYKE6MeCddFXcV6yZii62zfIn0
86tblhxosgJ7iQjpTx0AlRsN4YZRTyXIk1Lh9bLsyfIPB1WQSVy7l07g1fLNdhdM
QwOxU8nGPcaeEXI3G8MGzzm3FtOhF3J3I7NSRprZiNk6eIAE5rTKfjrqT9f7Zkdj
Za5SKc8RAig6JpYSEkdpcUZspQ5b3YVsHOxKKspq7bC2qI5IMP/8q0V9bkhXRH9P
AZyR8DQ94+PdCEtOQCRJSzC9ZCbZoNJlsiEc3PjaNQKaeAg7pLSwCStLQTQIDuK3
aOjdhZCOkb6w/8c58PgMrLnndfLCwBSRdsjviQlxvmHbr+dewsdsoRBNQM5ZFWpP
+yJtSejC9NpxnUn1/XCulkGqqGzBRa0nlWH/dKlL84hNQMdh+j8A9ZflEdkikVJP
kF4YezX7LVtH/7bpAzAOFreVPIQVk3KxDqNOY2vM3h6mtEEBrgf3sqKSqm1NDY2l
zsjSKGjGgdD3Gge/Dl0B
=sSI1
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.