blob: b12be880a879274ba416def8720cc27b35dc55bb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
---
layout: post
title: "Irssi 1.0.4 Released"
---
Irssi 1.0.4 has been released. This release fixes two remote crash
issues in Irssi as well as a few bugs, correcting a mistake that
was introduced in 1.0.3 while parsing some time-related
settings. There are no new features. **All Irssi users should upgrade
to this version**. See the
[NEWS](//raw.githubusercontent.com/irssi/irssi/1.0.4/NEWS) for
details.
Our bug reporter Brian 'geeknik' Carpenter writes:
> 34 days after reading [Fuzzing Irssi]({% post_url
2017-05-12-fuzzing-irssi %}), my AFL instance was finally able to
trigger a null pointer dereference in irssi 1.0.2. [...] Hopefully this one isn't fixed yet.
>
> 35 days after reading Fuzzing Irssi, my AFL
instance triggered a heap-use-after-free in irssi 1.0.2. Compiled on Debian
8 x64 following the instructions and patches of the referenced article. (;
For more information refer to the [security advisory](/security/irssi_sa_2017_07.txt).
Thanks, Brian!
This release can be downloaded from [our releases
page](https://github.com/irssi/irssi/releases). Binary test packages
for various Linux distributions are automatically generated by the
[openSUSE Build Service](https://build.opensuse.org/) and are
available for download in the
[irssi-test](https://software.opensuse.org/download.html?project=home:ailin_nemui:irssi-test;package=irssi)
repository.
Please check with your distro whether they provide officially updated
packages.
We currently do not have any alternate advice.
The Irssi Team.
|
