[3.5] weechat: crash in logger plugin when converting date/time specifiers in file mask (CVE-2017-14727)
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
Fixed in:
weechat 1.9.1
References:
https://weechat.org/download/security/
https://nvd.nist.gov/vuln/detail/CVE-2017-14727
Patch:
https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
(from redmine: issue id 7930, created on 2017-09-27, closed on 2017-10-24)
- Relations:
- parent #7928 (closed)
- Changesets:
- Revision 60130a2d on 2017-10-23T14:20:31Z:
main/weechat: security fix (CVE-2017-14727)
fixes #7930