Accepted irssi 1.0.2-1+deb9u3 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 01 Nov 2017 23:00:22 +0100
Source: irssi
Binary: irssi irssi-dev
Architecture: source
Version: 1.0.2-1+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 879521
Description:
irssi - terminal based IRC client
irssi-dev - terminal based IRC client - development files
Changes:
irssi (1.0.2-1+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Address IRSSI-SA-2017-10.
- CVE-2017-15228: Unterminated colour formatting sequences may cause
data access beyond the end of the buffer.
- CVE-2017-15227: Failure to remove destroyed channels from
the query list while waiting for the channel synchronisation
may result in use after free conditions when updating the
state later on.
- CVE-2017-15721: Certain incorrectly formatted DCC CTCP messages
could cause NULL pointer dereference.
- CVE-2017-15723: Overlong nicks or targets may result in a NULL
pointer dereference while splitting the message.
- CVE-2017-15722: Read beyond end of buffer may occur if a Safe
channel ID is not long enough.
(Closes: #879521)
Checksums-Sha1:
8c2eaba7e87cc4e998b73e0d7f8b6943a07478a0 2093 irssi_1.0.2-1+deb9u3.dsc
9e6660d6f8eb105cd84fc51e0467f46b799583bd 23200 irssi_1.0.2-1+deb9u3.debian.tar.xz
Checksums-Sha256:
879138ebd05e9e853357979b7791c43ae76586686e6de8d870b7a8ab1f4ea50a 2093 irssi_1.0.2-1+deb9u3.dsc
f7a205277275b7ac03d7a05743ee8df841955c8287802c0b2f38d321b4cc0dc5 23200 irssi_1.0.2-1+deb9u3.debian.tar.xz
Files:
8874e4e0bdbd1dc82b2cf12289d5d0ab 2093 net optional irssi_1.0.2-1+deb9u3.dsc
113bb55eb6aeaaf879032cb4c8c7f7dc 23200 net optional irssi_1.0.2-1+deb9u3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAln6RRpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ELIwP/3tGeLtprSCeaXwFGp3pSJbEQdtW8B8k
/XaIhmNbMx0fXoLQkp9fv6O/4KFCYEtK94L/p4xIGW1PNkXIpor9S2KUIJSFGZmS
0qvB3A97/y6qWorJI2yFJAA0Derg5tuohZg3fGEA9g38/b5t2wzGNSEHzVW0WiPp
v9fGGDkW00uG76v1VuQ5dVz7pseLxqvIJnW8GWO5ZsKRMCSRC2G+Sy6/MbRvbxq3
R73mCjyfRGT6TMcvnnPb9mJx4x+nnT47FDi3yuGVUWgVu0TAE1uhGWXsNx8M+PIr
DTXpAQGPgd8iAbbVVJO0Mkfe9PhT1hnfYKUzdCBu1rhubl/en/f3hpuXG7xRCHNp
6Pp265SNgzgTclYFIA89+daMBxHXWf+I9AQA7wDNMydnoM+2EYYdTjyA6dhXcn15
M7cgbeByZW0KtB3O5SOhyYhGiIeTPForW3psDbsiaJo9IiD6MzJQieJz/1S5pDTw
tqy0Us8yhCBhOF7DX5RzIVyWB/gN4us32eViVk2bs4hg1j336LIKa1FoqsDS2RUr
dajAWPQ60UmRvUe8Nmnr+VxvTCvb3iFVEhjY1hKSwM9e90rD9mR2zhomJMAAaVVK
MgpFghBtt1QssIKHC00mxd0nVGBXaknMzKhayXvM8BAcOOdJoe2w30nT1fegM02+
BnZq06AGHTGQ
=6Wv0
-----END PGP SIGNATURE-----