[Buildroot] [PATCH] irssi: security bump to version 1.0.3
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Mon Jun 19 20:09:24 UTC 2017
Hello,
On Sun, 18 Jun 2017 23:35:02 +0200, Peter Korsgaard wrote:
> Fixes:
>
> CVE-2017-9468 - Joseph Bisch discovered that Irssi does not properly handle
> DCC messages without source nick/host. A malicious IRC server can take
> advantage of this flaw to cause Irssi to crash, resulting in a denial of
> service.
>
> CVE-2017-9469 - Joseph Bisch discovered that Irssi does not properly handle
> receiving incorrectly quoted DCC files. A remote attacker can take
> advantage of this flaw to cause Irssi to crash, resulting in a denial of
> service.
>
> See https://irssi.org/security/irssi_sa_2017_06.txt for more details.
>
> Remove 0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch as it
> applied upstream and drop autoreconf as configure.ac is no longer patched.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> ...-to-using-pkg-config-to-check-for-OpenSSL.patch | 77 ----------------------
> package/irssi/irssi.hash | 2 +-
> package/irssi/irssi.mk | 5 +-
> 3 files changed, 2 insertions(+), 82 deletions(-)
> delete mode 100644 package/irssi/0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list