From acb12ca6cd4e12a1d1a401b55675f18eef3f3ef4 Mon Sep 17 00:00:00 2001
From: Ailin Nemui <ailin@z30a.localdomain>
Date: Sat, 11 Mar 2017 22:27:31 +0100
Subject: Release Irssi 1.0.2

---
 security/irssi_sa_2017_03.txt | 56 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 security/irssi_sa_2017_03.txt

(limited to 'security/irssi_sa_2017_03.txt')

diff --git a/security/irssi_sa_2017_03.txt b/security/irssi_sa_2017_03.txt
new file mode 100644
index 0000000..936aec6
--- /dev/null
+++ b/security/irssi_sa_2017_03.txt
@@ -0,0 +1,56 @@
+use after free condition during netjoin processing [1]
+======================================================
+CWE Classification: CWE-416
+
+
+CVE-2017-xxxx [2] will be updated once cve assigned.
+
+
+Description
+-----------
+
+Use after free while producing list of netjoins (CWE-416)
+
+This issue was found and reported to us by APic.
+
+
+Impact
+------
+
+This issue usually leads to segmentation faults. Targeted code
+execution should be difficult.
+
+
+Affected versions
+-----------------
+
+Irssi up to and including 1.0.1
+
+We believe Irssi 0.8.21 and prior are not affected since a different
+code path causes the netjoins to be flushed prior to reaching the use
+after free condition.
+
+
+Fixed in
+--------
+
+Irssi 1.0.2
+
+
+Recommended action
+------------------
+
+Upgrade to Irssi 1.0.2. Irssi 1.0.2 is a maintenance release
+without any new features.
+
+
+Patch
+-----
+
+https://github.com/irssi/irssi/commit/77b2631c78461965bc9a7414aae206b5c514e1b3
+
+
+References
+----------
+
+[1] https://irssi.org/security/irssi_sa_2017_03.txt
-- 
cgit v1.2.3