Source: irssi
Version: 0.8.17-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for irssi.

CVE-2017-9468[0]:
| In Irssi before 1.0.3, when receiving a DCC message without source
| nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC
| servers can cause a crash.

CVE-2017-9469[1]:
| In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC
| files, it tries to find the terminating quote one byte before the
| allocated memory. Thus, remote attackers might be able to cause a
| crash.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468
[1] https://security-tracker.debian.org/tracker/CVE-2017-9469
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469
[2] https://irssi.org/security/irssi_sa_2017_06.txt
[3] https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55

Regards,
Salvatore
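
Added example, not part of the original report and not irssi's code: a sketch of the two checks the CVE descriptions call for, namely refusing to index the last byte of an empty token when looking for a closing quote, and rejecting a DCC request whose source nick or host is missing. All function names and the sample parameters are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not an irssi function: 1 if tok ends with '"'. */
static int ends_with_quote(const char *tok)
{
	size_t len;

	if (tok == NULL)
		return 0;
	len = strlen(tok);
	if (len == 0)	/* tok[len - 1] would read one byte before the buffer */
		return 0;
	return tok[len - 1] == '"';
}

/* Hypothetical: number of space-split tokens that make up a quoted file
 * name at the start of params, or 0 if there is no terminated quoted name. */
int quoted_name_tokens(const char *const *params, int count)
{
	int i;

	if (params == NULL || count <= 0 || params[0] == NULL || params[0][0] != '"')
		return 0;
	for (i = 0; i < count; i++) {
		if (i == 0 && params[0][1] == '\0')
			continue;	/* a lone '"' opens the name, it cannot close it */
		if (ends_with_quote(params[i]))
			return i + 1;
	}
	return 0;
}

/* Hypothetical: a DCC request is only handed on when both source fields exist. */
int dcc_source_ok(const char *nick, const char *addr)
{
	return nick != NULL && addr != NULL;
}

int main(void)
{
	/* Constructed input: quoted name containing a double space (empty token). */
	const char *const params[] = { "\"my", "", "file.txt\"", "2130706433", "5000", "64" };

	printf("name tokens: %d\n", quoted_name_tokens(params, 6));
	printf("source ok: %d\n", dcc_source_ok(NULL, NULL));
	return 0;
}
```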