Release Irssi 1.0.2

1 files changed, 56 insertions, 0 deletions

diff --git a/security/irssi_sa_2017_03.txt b/security/irssi_sa_2017_03.txt
new file mode 100644
index 0000000..936aec6
--- /dev/null
+++ b/security/irssi_sa_2017_03.txt
@@ -0,0 +1,56 @@
+use after free condition during netjoin processing [1]
+======================================================
+CWE Classification: CWE-416
+
+
+CVE-2017-xxxx [2] will be updated once cve assigned.
+
+
+Description
+-----------
+
+Use after free while producing list of netjoins (CWE-416)
+
+This issue was found and reported to us by APic.
+
+
+Impact
+------
+
+This issue usually leads to segmentation faults. Targeted code
+execution should be difficult.
+
+
+Affected versions
+-----------------
+
+Irssi up to and including 1.0.1
+
+We believe Irssi 0.8.21 and prior are not affected since a different
+code path causes the netjoins to be flushed prior to reaching the use
+after free condition.
+
+
+Fixed in
+--------
+
+Irssi 1.0.2
+
+
+Recommended action
+------------------
+
+Upgrade to Irssi 1.0.2. Irssi 1.0.2 is a maintenance release
+without any new features.
+
+
+Patch
+-----
+
+https://github.com/irssi/irssi/commit/77b2631c78461965bc9a7414aae206b5c514e1b3
+
+
+References
+----------
+
+[1] https://irssi.org/security/irssi_sa_2017_03.txt