Debian Package Tracker

From: Rhonda D'Vine <rhonda@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted irssi 1.0.7-1 (source amd64) into unstable
Date: Tue, 06 Mar 2018 15:51:50 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 06 Mar 2018 14:42:44 +0100
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.7-1
Distribution: unstable
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Rhonda D'Vine <rhonda@debian.org>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 886475 890674 890675 890676 890677 890678
Changes:
 irssi (1.0.7-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #886475):
     From 1.0.6:
     - Fix invalid memory access when reading hilight configuration
       (#787, #788).
     - Fix null pointer dereference when the channel topic is set
       without specifying a sender [CVE-2018-5206]
     - Fix return of random memory when using incomplete escape
       codes [CVE-2018-5205]
     - Fix heap buffer overflow when completing certain strings
       [CVE-2018-5208]
     - Fix return of random memory when using an incomplete
       variable argument [CVE-2018-5207]
 .
     From 1.0.7:
     - Prevent use after free error during the execution of some
       commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
     - Revert netsplit print optimisation due to crashes
     - Fix use after free when SASL messages are received in
       unexpected order [CVE-2018-7053] (closes: #890675)
     - Fix null pointer dereference in the tab completion when an
       empty nick is joined [CVE-2018-7050] (closes: #890678)
     - Fix use after free when entering oper password
     - Fix null pointer dereference when too many windows are
       opened [CVE-2018-7052] (closes: #890676)
     - Fix out of bounds access in theme strings when the last
       escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
       (closes: #890677)
     - Fix out of bounds write when using negative counts on window
       resize
     - Minor help correction. By William Jackson
 .
   * Fix watch URL.
   * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
   * Bump Standards-Version to 4.1.3.
   * Add lintian overrides for the spelling of "hilight" in the changelog
     mentioning the lintian overrides for the spelling of "hilight" in irssi
     itself.
Checksums-Sha1:
 e2dbc91d63a972fc44c732e40215ac062cbfc842 2149 irssi_1.0.7-1.dsc
 0524e5f2d465e3b04a0227dac648a26e5c6d8286 1034188 irssi_1.0.7.orig.tar.xz
 0524e5f2d465e3b04a0227dac648a26e5c6d8286 1034188 irssi_1.0.7.orig.tar.xz.asc
 a61600116bcf861a513a44b70a6152511076f41d 20344 irssi_1.0.7-1.debian.tar.xz
 c03eabca0219054f3a30150348350718140cea2c 2981160 irssi-dbgsym_1.0.7-1_amd64.deb
 faf42b31ca93ee3254a572e54d4df77b8202e9d6 453980 irssi-dev_1.0.7-1_amd64.deb
 d746d0eb83b5f1a4393e2e4aa42e818018bd8943 7294 irssi_1.0.7-1_amd64.buildinfo
 942d1b575dd70ee6f67a418eab2deaea5338635d 1085660 irssi_1.0.7-1_amd64.deb
Checksums-Sha256:
 8c16bc07a086213ead747c83e8af1ee89862c9bcef16675987dc90b699787731 2149 irssi_1.0.7-1.dsc
 1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac 1034188 irssi_1.0.7.orig.tar.xz
 1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac 1034188 irssi_1.0.7.orig.tar.xz.asc
 a06eedac3c912d2f14d4399591572ff98dd9601db7b6b92ba2733c319419b45c 20344 irssi_1.0.7-1.debian.tar.xz
 4cff1715765c40b856780bdfa22006ac46d2ea454b3728d8b8586c069055d9a3 2981160 irssi-dbgsym_1.0.7-1_amd64.deb
 e5ed60b15ca6a8408c1f23b64f6081a41c3790092a20019732e4783c89c12bbb 453980 irssi-dev_1.0.7-1_amd64.deb
 b3518d0f7eb496e59c9d28824edb1882d7543753f98d3ca8fcb245a4332bab21 7294 irssi_1.0.7-1_amd64.buildinfo
 ae53ebed69c37fc1716e0d06f1174846391e7f0d25c4e293dd9b53bb1f70a9e9 1085660 irssi_1.0.7-1_amd64.deb
Files:
 79a9214fd3ffaca794ba8af35e89b92c 2149 net optional irssi_1.0.7-1.dsc
 6ebf07a03b58f7af1296cd8fdbb3619f 1034188 net optional irssi_1.0.7.orig.tar.xz
 6ebf07a03b58f7af1296cd8fdbb3619f 1034188 net optional irssi_1.0.7.orig.tar.xz.asc
 1e28c9230efa6072958dcd54c1340a61 20344 net optional irssi_1.0.7-1.debian.tar.xz
 e4f18d54ccbd6ca8002afe94c67e7b90 2981160 debug optional irssi-dbgsym_1.0.7-1_amd64.deb
 fb4e099db6f0befa2beef3459ff3d957 453980 net optional irssi-dev_1.0.7-1_amd64.deb
 db908039423e8578ef6e1bf0e65a4845 7294 net optional irssi_1.0.7-1_amd64.buildinfo
 a7ce4ded997e5feaf5b6e716f2f5f87a 1085660 net optional irssi_1.0.7-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELHLzKO0XByBPs0mU3ugEPuF+uzAFAlqerPoACgkQ3ugEPuF+
uzDq2RAAmKnalI5aLrEjK5/UPYISYPflqnovaE2JSb0RcgQm3GPFjqmQ967Tq7gG
ND5p958VRXEubJZen1sFnSeJtjHZ3Vm4etgJS04qijR8E4Y9y6Utd+ENCFQp++LH
zraIjlIt24FccMsUsRDSoB3xP6L0navPCsLMSHODqzcuaJxF6r/jBCNS7ULyjw9a
Cbf1Ic3eS/fR5+6szk+teOVsZH7f8+HMKURzR5Q6XmAa3+S0gDZvWmFTE7ZtE+v0
ACMWhGHsDzanCpUMsPZLUsdGVxJDSw4aXBi3yFjsgkyHd69nAwnkWkHaK3le8mI4
JwnCyZ27QH88RymtCVr5/vxpnfTDs+YWanVwVaieDauD6gCswG4maDuOHUtpmBS1
fFPsclbUXHDiY23f6BmF2Mhnr7Ev8uaTSm08beEXqhiVM7PulRuZgXdXJIBgg6a0
FCoYh9prEJghrnjepiKi0vyZYuqxvMVC9e8SOkWRswXOXMClqsKhitsSc5iAr0lZ
kTqsvRsClQvo0nlbWC2SwKpRs+X8Pw3YQ6YKYm49BwoM2OjI/eQTHvSvwniVzMc7
8MIsyqmi9TJM4S+3+9uCR+DaiYcBt5Z6qgAHz6K/vLMzbIItRzjUgMD9alO1INg3
hRPtT7GpspIRAsvsQVxHllHzy5g/M9mj5RcPeb6zFg/wZw77RYo=
=tCf9
-----END PGP SIGNATURE-----
News for package irssi
