[Bug 224954] irc/irssi: Update to 1.0.6 (security fixes)
bugzilla-noreply at freebsd.org
Sat Jan 6 19:01:41 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224954
Bug ID: 224954
Summary: irc/irssi: Update to 1.0.6 (security fixes)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: dor.bsd at xm0.uk
Created attachment 189468
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189468&action=edit
Update irc/irssi port to 1.0.6
Updates irssi to 1.0.6 to correct CVEs CVE-2018-5206,
CVE-2018-5205, CVE-2018-5208, CVE-2018-5207.
(a) When the channel topic is set without specifying a sender, Irssi
may dereference a NULL pointer. Found by Joseph Bisch. (CWE-476)
CVE-2018-5206 was assigned to this issue.
(b) When using incomplete escape codes, Irssi may access data beyond
the end of the string. (CWE-126) Found by Joseph Bisch.
CVE-2018-5205 was assigned to this issue.
(c) A calculation error in the completion code could cause a heap
buffer overflow when completing certain strings. (CWE-126) Found
by Joseph Bisch.
CVE-2018-5208 was assigned to this issue.
(d) When using an incomplete variable argument, Irssi may access data
beyond the end of the string. (CWE-126) Found by Joseph Bisch.
CVE-2018-5207 was assigned to this issue.
Upstream information about this is recorded at
https://irssi.org/security/irssi_sa_2018_01.txt