Package "irssi"
Name: irssi
Description: terminal based IRC client
Latest version: 0.8.19-1ubuntu1.9
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://irssi.org/
Changelog
irssi (0.8.19-1ubuntu1.9) xenial-security; urgency=medium
  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2019-13045.patch: copy sasl username
      and password values in src/irc/core/irc-core.c,
      src/irc/core/irc-servers-reconnect.c,
      src/irc/core/irc-servers-setup.c.
    - CVE-2019-13045
 -- <email address hidden> (Leonidas S. Barbosa) Tue, 02 Jul 2019 10:09:59 -0300

CVE-2019-13045
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.

irssi (0.8.19-1ubuntu1.8) xenial-security; urgency=medium
  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2019-5882.patch: fix in
      src/fe-text/textbuffer-view.c.
    - CVE-2019-5882
 -- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Jan 2019 09:34:59 -0300

CVE-2019-5882
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.

irssi (0.8.19-1ubuntu1.7) xenial-security; urgency=medium
  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2018-7050.patch: check if
      nick is Null in src/fe-common/core/chat-completion.c.
    - CVE-2018-7050
  * SECURITY UPDATE: Certain nick names result in out-of-bounds
    access
    - debian/patches/CVE-2018-7051.patch: don't read beyond end of
      escaped string in src/fe-common/core/themes.c.
    - CVE-2018-7051
  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2018-7052.patch: check if window parent
      is Null in src/fe-text/mainwindows.c.
    - CVE-2018-7052
  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2018-7053.patch: avoiding
      reuse sasl timeout in src/irc/core/sasl.c.
    - CVE-2018-7073
 -- <email address hidden> (Leonidas S. Barbosa) Wed, 28 Feb 2018 17:35:02 -0300

CVE-2018-7050
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
CVE-2018-7051
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme str
CVE-2018-7052
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL p
CVE-2018-7053
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected orde
CVE-2018-7073
RESERVED

irssi (0.8.19-1ubuntu1.6) xenial-security; urgency=medium
  * SECURITY UPDATE: buffer overread via incomplete escape codes
    - debian/patches/CVE-2018-5205.patch: check for complete char in
      src/core/misc.c.
    - CVE-2018-5205
  * SECURITY UPDATE: NULL dereference via setting channel topic without
    specifying a sender
    - debian/patches/CVE-2018-5206.patch: do not record topic change time
      when sender is blank in src/irc/core/channel-events.c.
    - CVE-2018-5206
  * SECURITY UPDATE: buffer overread via incomplete variable argument
    - debian/patches/CVE-2018-5207.patch: disable variable arguments code
      in src/core/special-vars.c.
    - CVE-2018-5207
  * SECURITY UPDATE: heap overflow in completion code
    - debian/patches/CVE-2018-5208.patch: check for direct match of
      separator in src/fe-common/core/completion.c.
    - CVE-2018-5208
 -- Marc Deslauriers <email address hidden> Mon, 08 Jan 2018 14:41:10 -0500

CVE-2018-5205
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
CVE-2018-5206
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
CVE-2018-5207
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.
CVE-2018-5208
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.

irssi (0.8.19-1ubuntu1.5) xenial-security; urgency=medium
  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2017-1096x.patch: check return value of localtime
      in src/core/misc.c, correct GHashTable usage in src/core/nicklist.c.
    - CVE-2017-10965
    - CVE-2017-10966
  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2017-15xxx.patch: address security issues in
      src/core/recode.c, src/fe-common/core/themes.c,
      src/irc/core/channel-events.c, src/irc/core/channels-query.c,
      src/irc/core/irc-servers.c, src/irc/dcc/dcc-chat.c,
      src/irc/dcc/dcc-get.c, src/irc/dcc/dcc-send.c.
    - CVE-2017-15227
    - CVE-2017-15228
    - CVE-2017-15721
    - CVE-2017-15722
    - CVE-2017-15723
 -- Marc Deslauriers <email address hidden> Wed, 25 Oct 2017 08:00:36 -0400

CVE-2017-1096
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod
CVE-2017-10965
An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.
CVE-2017-10966
An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free t
CVE-2017-15227
Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting i
CVE-2017-15228
Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.
CVE-2017-15721
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue
CVE-2017-15722
In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.
CVE-2017-15723
In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.