Bugs fixes in "irssi"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2018-7053 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected orde | 2018-03-06 |
| CVE | CVE-2018-7052 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL p | 2018-03-06 |
| CVE | CVE-2018-7051 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme str | 2018-03-06 |
| CVE | CVE-2018-7050 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick. | 2018-03-06 |
| CVE | CVE-2018-5208 | In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. | 2018-01-10 |
| CVE | CVE-2018-5207 | When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. | 2018-01-10 |
| CVE | CVE-2018-5206 | When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. | 2018-01-10 |
| CVE | CVE-2018-5205 | When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | 2018-01-10 |
| CVE | CVE-2018-5208 | In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. | 2018-01-10 |
| CVE | CVE-2018-5207 | When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. | 2018-01-10 |
| CVE | CVE-2018-5206 | When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. | 2018-01-10 |
| CVE | CVE-2018-5205 | When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | 2018-01-10 |
| CVE | CVE-2017-15723 | In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. | 2017-10-26 |
| CVE | CVE-2017-15722 | In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | 2017-10-26 |
| CVE | CVE-2017-15721 | In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue | 2017-10-26 |
| CVE | CVE-2017-15228 | Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. | 2017-10-26 |
| CVE | CVE-2017-15227 | Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting i | 2017-10-26 |
| CVE | CVE-2017-10966 | An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free t | 2017-10-26 |
| CVE | CVE-2017-10965 | An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. | 2017-10-26 |
| CVE | CVE-2017-1096 | IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod | 2017-10-26 |
About
-
Send Feedback to @ubuntu_updates
