ports/173513: weechat is vulnerable to a crash when receiving special colored messages.
Eitan Adler
lists at eitanadler.com
Sat Nov 10 00:30:01 UTC 2012
The following reply was made to PR ports/173513; it has been noted by GNATS.
From: Eitan Adler <lists at eitanadler.com>
To: ports-secteam at freebsd.org
Cc: Andy Pilate <cubox at cubox.me>, bug-followup at freebsd.org
Subject: Re: ports/173513: weechat is vulnerable to a crash when receiving
special colored messages.
Date: Fri, 9 Nov 2012 19:25:19 -0500
FYI. I won't have time to look into it during this weekend, but someone
here should.
On 9 November 2012 18:50, Andy Pilate <cubox at cubox.me> wrote:
>
>>Number: 173513
>>Category: ports
>>Synopsis: weechat is vulnerable to a crash when receiving special colored messages.
>>Confidential: no
>>Severity: serious
>>Priority: high
>>Responsible: freebsd-ports-bugs
>>State: open
>>Quarter:
>>Keywords:
>>Date-Required:
>>Class: sw-bug
>>Submitter-Id: current-users
>>Arrival-Date: Sat Nov 10 00:00:00 UTC 2012
>>Closed-Date:
>>Last-Modified:
>>Originator: Andy Pilate
>>Release: FreeBSD 9.1-PRERELEASE amd64
>>Organization:
> weechat-testers
>>Environment:
> System: FreeBSD Dragonborn 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0 r242658: Tue Nov 6 14:36:50 CET 2012 root at Dragonborn:/usr/obj/usr/src/sys/DRAGONBORN amd64
>
>
>>Description:
> We detected that weechat is vulnerable to a crash when sending a special coloured message. This vulnerability hits versions from one year ago to now.
> The patch was pushed, but we need to update ports as soon as possible. I sent a mail to the port maintainer, but without a fast answer, I'm trying here.
> https://savannah.nongnu.org/bugs/?37704 http://git.savannah.gnu.org/cgit/weechat.git/commit/?id=9453e81baa7935db82a0b765a47cba772aba730d
>>How-To-Repeat:
> The Proof Of Concept is private. This is to prevent script kiddies from sending a forged message on popular IRC channels.
>>Fix:
>
> Just update your clients! (or run /set irc.network.colors_receive off)
>
>>Release-Note:
>>Audit-Trail:
>>Unformatted:
--
Eitan Adler