Control: found -1 2.3-1
Control: found -1 1.6-1+deb9u2
Control: found -1 1.6-1

Hi,

On Thu, Feb 13, 2020 at 10:39:20PM +0100, Salvatore Bonaccorso wrote:
> Source: weechat
> Version: 2.6-2
> Severity: important
> Tags: security upstream
>
> Hi,
>
> The following vulnerability was published for weechat.
>
> CVE-2020-8955[0]:
> | irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through
> | 2.7 allows remote attackers to cause a denial of service (buffer
> | overflow and application crash) or possibly have unspecified other
> | impact via a malformed IRC message 324 (channel mode).
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2020-8955
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8955
> [1] https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
>
> Please adjust the affected versions in the BTS as needed.

Btw, note that there are as well two further issues fixed (without CVE
as mentioned on https://weechat.org/doc/security/ addressed in 2.7.1).

Regards,
Salvatore