[3.6] irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)
CVE-2017-9468: When receiving a DCC message without source
nick/host, Irssi would
attempt to dereference a NULL pointer.
Fixed in:
Irssi 1.0.3
Reference:
https://irssi.org/security/irssi\_sa\_2017\_06.txt
Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
CVE-2017-9469: When receiving certain incorrectly quoted DCC files,
Irssi would
try to find the terminating quote one byte before the allocated memory.
Fixed in:
Irssi 1.0.3
Reference:
https://irssi.org/security/irssi\_sa\_2017\_06.txt
Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
(from redmine: issue id 7395, created on 2017-06-07, closed on 2017-06-15)
- Relations:
- parent #7393 (closed)
- Changesets:
- Revision 19354120 on 2017-06-15T10:26:54Z:
main/irssi: security upgrade to 1.0.3 (CVE-2017-9468, CVE-2017-9469)
Fixes #7395