ports/173513: weechat is vunerable to a crash when receive special colored messages.
Andy Pilate
cubox at cubox.me
Sat Nov 10 00:00:02 UTC 2012
>Number: 173513
>Category: ports
>Synopsis: weechat is vunerable to a crash when receive special colored messages.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 10 00:00:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Andy Pilate
>Release: FreeBSD 9.1-PRERELEASE amd64
>Organization:
weechat-testers
>Environment:
System: FreeBSD Dragonborn 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0 r242658: Tue Nov 6 14:36:50 CET 2012 root at Dragonborn:/usr/obj/usr/src/sys/DRAGONBORN amd64
>Description:
We detected that weechat is vulnerable to a crash when sending a special coloured message. This vulnerability hits versions old from one year ago to now.
The patch was pushed, but we need to update ports as soon as possible. I sended a mail to the port maintener, but without fast answer, I'm trying here.
https://savannah.nongnu.org/bugs/?37704 http://git.savannah.gnu.org/cgit/weechat.git/commit/?id=9453e81baa7935db82a0b765a47cba772aba730d
>How-To-Repeat:
The Proof Of Concept is private. It's to avoid scripts kiddies to send a forged message on popular irc channels.
>Fix:
Just update your clients! (or run /set irc.network.colors_receive off)
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list