View Issue Details

ID: 0003819
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2017-01-05 18:06
Reporter: ccmcdee
Assigned To: muts
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: no change required
Product Version: 2016.2
Summary: 0003819: net-irc/irssi: Multiple vulnerabilities before 0.8.21, 1.0.0
Description

See advisory:
https://irssi.org/security/irssi_sa_2017_01.txt

"Four vulnerabilities have been located in Irssi.

(a) A NULL pointer dereference in the nickcmp function found by Joseph
Bisch. (CWE-690)

(b) Use after free when receiving invalid nick message (Issue 0000466, CWE-146)

(c) Out of bounds read in certain incomplete control codes found by
Joseph Bisch. (CWE-126)

(d) Out of bounds read in certain incomplete character sequences found
by Hanno Böck and independently by J. Bisch. (CWE-126)"

There are versions 0.8.21 and 1.0.0 that fix them. Probably better to just switch to 1.0.0.

Additional Information

https://bugs.gentoo.org/show_bug.cgi?id=604772

irssi/kali-rolling,now 0.8.20-2+b1 amd64 [installed]
terminal based IRC client

Activities

muts

2017-01-05 18:06

reporter   ~0006218

Thanks. Once this package is updated in Debian testing, we'll have it shortly after.

Issue History

Date Modified Username Field Change
2017-01-05 18:04 ccmcdee New Issue
2017-01-05 18:06 muts Assigned To => muts
2017-01-05 18:06 muts Status new => closed
2017-01-05 18:06 muts Resolution open => no change required
2017-01-05 18:06 muts Note Added: 0006218