Your message dated Fri, 28 Apr 2017 10:32:40 +0000
with message-id <e1d43ca-000ake...@fasolo.debian.org>
and subject line Bug#861121: fixed in weechat 1.0.1-1+deb8u1
has caused the Debian Bug report #861121,
regarding weechat: CVE-2017-8073
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
861121: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861121
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: weechat
Version: 1.0.1-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for weechat.
CVE-2017-8073[0]:
| WeeChat before 1.7.1 allows a remote crash by sending a filename via
| DCC to the IRC plugin. This occurs in the
| irc_ctcp_dcc_filename_without_quotes function during quote removal,
| with a buffer overflow.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073
[1] https://weechat.org/news/95/20170422-Version-1.7.1/
[2] https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
Regards,
Salvatore
--- End Message ---
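The CVE text in the report above places the overflow in quote removal from a DCC filename. The following C routine is an added example, not WeeChat's code and not part of the original messages: a quote-stripping helper that checks the length before doing any arithmetic on it. The name `strip_surrounding_quotes` and the sample filenames are hypothetical, and the short-input cases it guards against are an assumption about how such length arithmetic can fail, since the page does not show the affected code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not WeeChat's code): return a newly allocated copy of
 * `filename` with one pair of surrounding double quotes removed, if present.
 * Returns NULL on NULL input or allocation failure; the caller frees it. */
char *strip_surrounding_quotes(const char *filename)
{
    size_t length, start = 0, copy_len;
    char *result;

    if (!filename)
        return NULL;

    length = strlen(filename);
    copy_len = length;

    /* A quoted name needs two quote characters. Requiring length >= 2
     * keeps "length - 2" from wrapping around for "" or a lone '"',
     * where the first and last character are the same byte. */
    if (length >= 2 && filename[0] == '"' && filename[length - 1] == '"') {
        start = 1;
        copy_len = length - 2;
    }

    result = malloc(copy_len + 1);
    if (!result)
        return NULL;
    memcpy(result, filename + start, copy_len);
    result[copy_len] = '\0';
    return result;
}

int main(void)
{
    /* Constructed sample filenames, including the short edge cases. */
    const char *samples[] = { "\"a b.txt\"", "plain.txt", "\"", "", "\"\"" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *out = strip_surrounding_quotes(samples[i]);
        printf("[%s] -> [%s]\n", samples[i], out ? out : "(null)");
        free(out);
    }
    return 0;
}
```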
--- Begin Message ---
Source: weechat
Source-Version: 1.0.1-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated weechat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 25 Apr 2017 07:01:43 +0200
Source: weechat
Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc weechat-dev weechat-dbg
Architecture: all source
Version: 1.0.1-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Emmanuel Bouthenot <kol...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 861121
Description:
weechat - Fast, light and extensible chat client
weechat-core - Fast, light and extensible chat client - core files
weechat-curses - Fast, light and extensible chat client - console client
weechat-dbg - Fast, light and extensible chat client - debugging symbols
weechat-dev - Fast, light and extensible chat client - development headers
weechat-doc - Fast, light and extensible chat client - documentation
weechat-plugins - Fast, light and extensible chat client - plugins
Changes:
weechat (1.0.1-1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* irc: fix parsing of DCC filename (CVE-2017-8073) (Closes: #861121)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---