Format: 1.8
Date: Tue, 27 Mar 2018 10:22:28 +0200
Source: irssi
Binary: irssi irssi-dev
Architecture: source amd64
Version: 1.0.7-1~deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Rhonda D'Vine <rhonda@debian.org>
Changed-By: Rhonda D'Vine <rhonda@debian.org>
Description:
 irssi - terminal based IRC client
 irssi-dev - terminal based IRC client - development files
Closes: 879521 886475 890674 890675 890676 890677 890678
Changes:
 irssi (1.0.7-1~deb9u1) stretch-security; urgency=high
 .
   * Security update using upstream version 1.0.7. See changelog entries of
     1.0.7-1 and 1.0.5-1 for the CVE lists.
   * Remove pulled patches that were put on top of 1.0.2.
   * Lower debhelper compat to 10.
 .
 irssi (1.0.7-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #886475):
     From 1.0.6:
     - Fix invalid memory access when reading hilight configuration
       (#787, #788).
     - Fix null pointer dereference when the channel topic is set without
       specifying a sender [CVE-2018-5206]
     - Fix return of random memory when using incomplete escape codes
       [CVE-2018-5205]
     - Fix heap buffer overflow when completing certain strings
       [CVE-2018-5208]
     - Fix return of random memory when using an incomplete variable
       argument [CVE-2018-5207]
 .
     From 1.0.7:
     - Prevent use after free error during the execution of some commands.
       Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
     - Revert netsplit print optimisation due to crashes
     - Fix use after free when SASL messages are received in unexpected
       order [CVE-2018-7053] (closes: #890675)
     - Fix null pointer dereference in the tab completion when an empty
       nick is joined [CVE-2018-7050] (closes: #890678)
     - Fix use after free when entering oper password
     - Fix null pointer dereference when too many windows are opened
       [CVE-2018-7052] (closes: #890676)
     - Fix out of bounds access in theme strings when the last escape is
       incomplete. Credit to Oss-Fuzz [CVE-2018-7051] (closes: #890677)
     - Fix out of bounds write when using negative counts on window resize
     - Minor help correction. By William Jackson
 .
   * Fix watch URL.
   * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
   * Bump Standards-Version to 4.1.3.
   * Add lintian overrides for the spelling of "hilight" in the changelog
     mentioning the lintian overrides for the spelling of "hilight" in irssi
     itself.
 .
 irssi (1.0.5-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #879521):
     - Fix missing -sasl_method '' in /NETWORK.
     - Fix incorrect restoration of term state when hitting SUSP inside
       screen.
     - Fix out of bounds read when compressing colour sequences. Found by
       Hanno Böck. [CVE-2017-15228]
     - Fix use after free condition during a race condition when waiting on
       channel sync during a rejoin [CVE-2017-15227]
     - Fix null pointer dereference when parsing certain malformed CTCP DCC
       messages. [CVE-2017-15721]
     - Fix crash due to null pointer dereference when failing to split
       messages due to overlong nick or target. [CVE-2017-15723]
     - Fix out of bounds read when trying to skip a safe channel ID without
       verifying that the ID is long enough. [CVE-2017-15722]
     - Fix return of random memory when inet_ntop failed.
     - Minor statusbar help update.
   * Remove deprecated --with autotools_dev call to dh.
   * Bump Standards-Version to 4.1.1.
   * Change priority of irssi-dev from deprecated extra to optional.
   * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
     directly.