diff options
author | Ailin Nemui <ailin@z30a.localdomain> | 2017-03-11 22:27:31 +0100 |
---|---|---|
committer | Ailin Nemui <ailin@z30a.localdomain> | 2017-03-11 22:27:31 +0100 |
commit | acb12ca6cd4e12a1d1a401b55675f18eef3f3ef4 (patch) | |
tree | bf2d64898fc4d82fdef06bf761ffbf1f5241595b /security/irssi_sa_2017_03.txt | |
parent | 9d9e031467af2eda07885826e38756d707389ff2 (diff) | |
download | irssi.github.io-acb12ca6cd4e12a1d1a401b55675f18eef3f3ef4.zip |
Release Irssi 1.0.2
Diffstat (limited to 'security/irssi_sa_2017_03.txt')
-rw-r--r-- | security/irssi_sa_2017_03.txt | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/security/irssi_sa_2017_03.txt b/security/irssi_sa_2017_03.txt new file mode 100644 index 0000000..936aec6 --- /dev/null +++ b/security/irssi_sa_2017_03.txt @@ -0,0 +1,56 @@ +use after free condition during netjoin processing [1] +====================================================== +CWE Classification: CWE-416 + + +CVE-2017-xxxx [2] will be updated once cve assigned. + + +Description +----------- + +Use after free while producing list of netjoins (CWE-416) + +This issue was found and reported to us by APic. + + +Impact +------ + +This issue usually leads to segmentation faults. Targeted code +execution should be difficult. + + +Affected versions +----------------- + +Irssi up to and including 1.0.1 + +We believe Irssi 0.8.21 and prior are not affected since a different +code path causes the netjoins to be flushed prior to reaching the use +after free condition. + + +Fixed in +-------- + +Irssi 1.0.2 + + +Recommended action +------------------ + +Upgrade to Irssi 1.0.2. Irssi 1.0.2 is a maintenance release +without any new features. + + +Patch +----- + +https://github.com/irssi/irssi/commit/77b2631c78461965bc9a7414aae206b5c514e1b3 + + +References +---------- + +[1] https://irssi.org/security/irssi_sa_2017_03.txt |