[Buildroot] [PATCH] irssi: security bump to version 1.0.3

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Mon Jun 19 20:09:24 UTC 2017


Hello,

On Sun, 18 Jun 2017 23:35:02 +0200, Peter Korsgaard wrote:
> Fixes:
> 
> CVE-2017-9468 - Joseph Bisch discovered that Irssi does not properly handle
> DCC messages without source nick/host.  A malicious IRC server can take
> advantage of this flaw to cause Irssi to crash, resulting in a  denial of
> service.
> 
> CVE-2017-9469 - Joseph Bisch discovered that Irssi does not properly handle
> receiving incorrectly quoted DCC files.  A remote attacker can take
> advantage of this flaw to cause Irssi to crash, resulting in a denial of
> service.
> 
> See https://irssi.org/security/irssi_sa_2017_06.txt for more details.
> 
> Remove 0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch as it
> applied upstream and drop autoreconf as configure.ac is no longer patched.
> 
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
>  ...-to-using-pkg-config-to-check-for-OpenSSL.patch | 77 ----------------------
>  package/irssi/irssi.hash                           |  2 +-
>  package/irssi/irssi.mk                             |  5 +-
>  3 files changed, 2 insertions(+), 82 deletions(-)
>  delete mode 100644 package/irssi/0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com



More information about the buildroot mailing list