Debian alert DLA-1088-1 (irssi)
| From: | Lucas Kanashiro <kanashiro@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1088-1] irssi security update | |
| Date: | Mon, 4 Sep 2017 16:21:21 -0300 | |
| Message-ID: | <20170904192046.er6pbj6mzc35efvm@riseup.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : irssi Version : 0.8.15-5+deb7u2 CVE ID : CVE-2017-9468 CVE-2017-9469 Debian Bug : #864400 Irssi has some issues where remote attackers might be able to cause a crash. CVE-2017-9468 In irssi, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. CVE-2017-9469 In irssi, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. For Debian 7 "Wheezy", these problems have been fixed in version 0.8.15-5+deb7u2. We recommend that you upgrade your irssi packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAlmtp1oACgkQ+COicpiD yXwM/xAAgv3UIlB1ISMQ7EmKq+WVF060QFkdaj/0r/SnebT7SiwENcGcIk/YXjhJ 6ERgicynU0fkP1hqP09Dgj2pg8/D2Ly0sfAqU7nM8o0/fOFtExyRcchTclAD/n2r JdzvyCNWUy/VuSdDyjIu7DPQY9EFECIW7AkI8NdLQTGmY4ec9NuEGyRRjinuQ72F DJd6LFYUZXxLcct2B6ZKGDNb4+nLQruLhQ+4CoaoSHbcHErk0m4uNH9z/zYYYEgM ebbzFSdOUz0QkiqpU7gUfJtDc4r6OFymkicdN1f1oSpCsIz3rsb7pkJAeoKJ8KEO jE8xnCCC4uXamVqCkJ+EQcSgQMhf+ynqGwzCAX4BUfDjq1BUIUGvBCIwvoVXhAdf j1D1C07nBDxN2bSP6U+Q0dx5oTiK94dz9xhNeQuRc5fXXeVQuR/M+UNj+d62kG6N HZKxaGOec2EbRdIcbl6EtqMtIesipoAhao5xXBVYfRfS75Mpovto8xCS7lWaWmAu VajSoGw1ELo5Ui+ofu7M76Z7ZScxE4NZ3EJ8KGJLeBtXASo497IDwoVsE7hPAL5Z BYmASGwUm97fbqPBboLaz1Yx6lhulCX+zRdgtRcPbmTyyC6yiSpE1r30KsIS5/Pr 1BrFHnxZqvc6Dva6CQPzMaPG7XDhyuyxO2e80dZzoWQBZo3w0ZQ= =2v4u -----END PGP SIGNATURE-----