aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2019-07-03 17:52:13 +0200
committerGravatar Peter Korsgaard <peter@korsgaard.com>2019-07-07 08:39:56 +0200
commit259d203f5a2867c6a6f8b9888166ea2ff6c60d9b (patch)
treee46665a157528d5d7be3247c05538828135a229b
parent721208a87182dfa00b163c90af5ea7e13de764fc (diff)
downloadbuildroot-259d203f5a2867c6a6f8b9888166ea2ff6c60d9b.tar.gz
buildroot-259d203f5a2867c6a6f8b9888166ea2ff6c60d9b.tar.bz2
package/irssi: security bump to version 1.0.8
Fixes the following security vulnerability: CVE-2019-13045: Use after free when sending SASL login to the server found by ilbelkyr For more details, see the advisory: https://irssi.org/security/html/irssi_sa_2019_06/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit 0a1b957d4ed3ec41c645fc81ba6029921116ab4f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/irssi/irssi.hash2
-rw-r--r--package/irssi/irssi.mk2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/irssi/irssi.hash b/package/irssi/irssi.hash
index 0f298137ba..6a91e16487 100644
--- a/package/irssi/irssi.hash
+++ b/package/irssi/irssi.hash
@@ -1,4 +1,4 @@
# Locally calculated after checking pgp signature
-sha256 1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac irssi-1.0.7.tar.xz
+sha256 414fdee2ffaeb90a55f141b7fb3899608631dc891e2bc1f5e91ca31f1a621101 irssi-1.0.8.tar.xz
# Locally calculated
sha256 a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b COPYING
diff --git a/package/irssi/irssi.mk b/package/irssi/irssi.mk
index 611365f88e..4d7268d291 100644
--- a/package/irssi/irssi.mk
+++ b/package/irssi/irssi.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IRSSI_VERSION = 1.0.7
+IRSSI_VERSION = 1.0.8
IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
# Do not use the github helper here. The generated tarball is *NOT* the
# same as the one uploaded by upstream for the release.