irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)
CVE-2017-9468: When receiving a DCC message without source
nick/host, Irssi would
attempt to dereference a NULL pointer.
Fixed in:
Irssi 1.0.3
Reference:
https://irssi.org/security/irssi\_sa\_2017\_06.txt
Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
CVE-2017-9469: When receiving certain incorrectly quoted DCC files,
Irssi would
try to find the terminating quote one byte before the allocated memory.
Fixed in:
Irssi 1.0.3
Reference:
https://irssi.org/security/irssi\_sa\_2017\_06.txt
Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
(from redmine: issue id 7393, created on 2017-06-07, closed on 2017-06-15)
- Relations:
- child #7394 (closed)
- child #7395 (closed)
- child #7396 (closed)
- child #7397 (closed)
- child #7398 (closed)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information