aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2017-01-06 12:10:30 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2017-01-09 10:04:18 +0100
commit710a3094f8bd44703afbc977fec6fc3fe6101968 (patch)
treeae23bac18078ba5ce2c4f83f8e9b045b0ca6856f
parentc4c87ef8c6899ce040e9ffc6a6946e6d89954c99 (diff)
downloadbuildroot-710a3094f8bd44703afbc977fec6fc3fe6101968.tar.gz
buildroot-710a3094f8bd44703afbc977fec6fc3fe6101968.tar.bz2
irssi: security bump to 0.8.21
Bugfixes: - CVE-2017-5193: Correct a NULL pointer dereference in the nickcmp function found by Joseph Bisch (GL#1) - CVE-2017-5194: Correct an error when receiving invalid nick message (GL#4, #466) - CVE-2017-5195: Correct an out of bounds read in certain incomplete control codes found by Joseph Bisch (GL#2) - CVE-2017-5196: Correct an out of bounds read in certain incomplete character sequences found by Hanno Böck and independently by J. Bisch (GL#3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 8528edfb3b3f6ee826c2339696c4c79c8ba5c938)
-rw-r--r--package/irssi/irssi.hash2
-rw-r--r--package/irssi/irssi.mk2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/irssi/irssi.hash b/package/irssi/irssi.hash
index 33b2d0e1d8..b1048bf8f5 100644
--- a/package/irssi/irssi.hash
+++ b/package/irssi/irssi.hash
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
-sha256 7882c4e821f5aac469c5e69e69d7e235f4986101285c675e81a9a95bfb20505a irssi-0.8.20.tar.xz
+sha256 e433063b8714dcf17438126902c9a9d5c97944b3185ecd0fc5ae25c4959bf35a irssi-0.8.21.tar.xz
diff --git a/package/irssi/irssi.mk b/package/irssi/irssi.mk
index 0fb6fc792d..e467f89890 100644
--- a/package/irssi/irssi.mk
+++ b/package/irssi/irssi.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IRSSI_VERSION = 0.8.20
+IRSSI_VERSION = 0.8.21
IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
# Do not use the github helper here. The generated tarball is *NOT* the
# same as the one uploaded by upstream for the release.