aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2018-01-07 22:03:18 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2018-01-08 22:40:12 +0100
commit427354a3b9f0fd26d5568eed988b49bb536fc6eb (patch)
tree5239b9eb453f008b9a59068e44312fd5c810bf82
parent13ade0145c2457f0a35a9519549f30da87579f03 (diff)
downloadbuildroot-427354a3b9f0fd26d5568eed988b49bb536fc6eb.tar.gz
buildroot-427354a3b9f0fd26d5568eed988b49bb536fc6eb.tar.bz2
irssi: security bump to version 1.0.6
>From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt): Multiple vulnerabilities have been located in Irssi. (a) When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer. Found by Joseph Bisch. (CWE-476) CVE-2018-5206 was assigned to this issue. (b) When using incomplete escape codes, Irssi may access data beyond the end of the string. (CWE-126) Found by Joseph Bisch. CVE-2018-5205 was assigned to this issue. (c) A calculation error in the completion code could cause a heap buffer overflow when completing certain strings. (CWE-126) Found by Joseph Bisch. CVE-2018-5208 was assigned to this issue. (d) When using an incomplete variable argument, Irssi may access data beyond the end of the string. (CWE-126) Found by Joseph Bisch. CVE-2018-5207 was assigned to this issue. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit aebdb1cd4b4034542eb7c50fc4b6a265c5ba5c77) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/irssi/irssi.hash2
-rw-r--r--package/irssi/irssi.mk2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/irssi/irssi.hash b/package/irssi/irssi.hash
index 0a6c3f614a..83dde00352 100644
--- a/package/irssi/irssi.hash
+++ b/package/irssi/irssi.hash
@@ -1,4 +1,4 @@
# Locally calculated after checking pgp signature
-sha256 c2556427e12eb06cabfed40839ac6f57eb8b1aa6365fab6dfcd331b7a04bb914 irssi-1.0.5.tar.xz
+sha256 029e884f3ebf337f7266d8ed4e1a035ca56d9f85015d74c868b488f279de8585 irssi-1.0.6.tar.xz
# Locally calculated
sha256 a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b COPYING
diff --git a/package/irssi/irssi.mk b/package/irssi/irssi.mk
index f9450783bc..d49b5d7e46 100644
--- a/package/irssi/irssi.mk
+++ b/package/irssi/irssi.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IRSSI_VERSION = 1.0.5
+IRSSI_VERSION = 1.0.6
IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
# Do not use the github helper here. The generated tarball is *NOT* the
# same as the one uploaded by upstream for the release.