[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1289-1] irssi security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : irssi
Version        : 0.8.15-5+deb7u5
CVE IDs        : CVE-2018-7050 CVE-2018-7051 CVE-2018-7052
Debian Bugs    : #890676, #890677, #890678

It was discovered that there where a number of vulnerabilities in irssi,
the terminal based IRC client:
 
  - CVE-2018-7050: Null pointer dereference for an "empty" nick.

  - CVE-2018-7051: Certain nick names could result in out-of-bounds
    access when printing theme strings.

  - CVE-2018-7052: When the number of windows exceeds the available space, a
    crash could occur due to another NULL pointer dereference.

For Debian 7 "Wheezy", these issues have been fixed in irssi version
0.8.15-5+deb7u5.

We recommend that you upgrade your irssi packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqPPisACgkQHpU+J9Qx
HlhM4hAAq/ZKahiIFCzymVmjZn/Ht91BQv5hMgrH+9FkRzB440U9L5Y7Pqgev13f
jr7tMsbYn0hT0FXKvBLVEtFaANcVkcYmK3aDQv1RpteAfrFxtRkIGq6J5xef4Jkc
FaWHzWdR/BjTKz98vuNgoZr4HOQFRsjgp23D0mxMduJedAx6zxsIUDKaIA2qkr+o
B/KwcNABEHR40E/WWD1sqn7lQG+kZa5SGb0Ns+/018gNXqX2xN+S0Ysl02xpA3Ko
P9LgM9Ya8hxeid3Hwzd0Vms4stw5cQz2eQ0CRF0rQuRvEFHrGyecIPAOYHlxa+Fv
9aE9TAi5hQqLJCHIUPnoh6qNyIrw34LN6OlP68lEM1eFXlgWJ8xHWSDEfLB1QewS
6IbXGWd5xZLdE7+y6M8gYPtBJdhhY2CR93cLyV5NjGFxU2PSRlmEn3xgZkKCmGR4
91RB9y31T4sq5hjNedLnibG+Ys3G0bnvmU1kmfstjwEzoD5Y6MKuyyX2tc46FJUY
yBOkDWnDajFJOxLxa2An0cPsD6hual8XrFVcAHBjHaJVof4t0E9LBQJG/iLouE0H
jNVlBuFyL5fHZNdrr2S9ahkn6ymxpr4e8YbwzuWFv/3r4tUig2he9+0FA15wlnxu
/yeAKKVlci9tKrewq/MdgFw2yNHXdFQ5aTIfL7SYDmZmogBXxvE=
=AMvX
-----END PGP SIGNATURE-----
Reply to: