[3.4] irssi: Multiple vulnerabilities (CVE-2017-15721, CVE-2017-15722, CVE-2017-15723, CVE-2017-15227, CVE-2017-15228)
CVE-2017-15721: In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference.
References:
https://irssi.org/security/
http://openwall.com/lists/oss-security/2017/10/22/4
Patch:
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15722: In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.
References:
https://irssi.org/security/
http://openwall.com/lists/oss-security/2017/10/22/4
Patch:
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15723: In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.
References:
https://irssi.org/security/
http://openwall.com/lists/oss-security/2017/10/22/4
Patch:
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15227: Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.
References:
https://irssi.org/security/
http://openwall.com/lists/oss-security/2017/10/22/4
Patch:
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15228: Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.
References:
https://irssi.org/security/
http://openwall.com/lists/oss-security/2017/10/22/4
Patch:
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
(from redmine: issue id 8048, created on 2017-10-24, closed on 2018-02-20)
- Relations:
- parent #8045 (closed)