irssi: security bump to version 1.0.4
>From the advisory: https://irssi.org/security/irssi_sa_2017_07.txt Two vulnerabilities have been located in Irssi. (a) When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter of Geeknik Labs. (CWE-690) CVE-2017-10965 [2] was assigned to this bug (b) While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table. Found by Brian 'geeknik' Carpenter of Geeknik Labs. (CWE-416 caused by CWE-227) CVE-2017-10966 [3] was assigned to this bug Impact ------ (a) May result in denial of service (remote crash). (b) Undefined behaviour. Signed-off-by:Peter Korsgaard <peter@korsgaard.com>
Loading
Please register or sign in to comment