weechat: crash in logger plugin when converting date/time specifiers in file mask (CVE-2017-14727)
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
Fixed in:
weechat 1.9.1
References:
https://weechat.org/download/security/
https://nvd.nist.gov/vuln/detail/CVE-2017-14727
Patch:
https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
(from redmine: issue id 7928, created on 2017-09-27, closed on 2017-10-24)
- Relations:
- child #7929 (closed)
- child #7930 (closed)
- child #7931 (closed)
- child #7932 (closed)