Date: Fri, 9 Nov 2012 23:58:23 GMT From: Andy Pilate <cubox@cubox.me> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/173514: weechat is vunerable to a crash when receive special coloured messages. Message-ID: <201211092358.qA9NwNJE095002@red.freebsd.org> Resent-Message-ID: <201211100000.qAA001WD091173@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 173514 >Category: ports >Synopsis: weechat is vunerable to a crash when receive special coloured messages. >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Nov 10 00:00:01 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Andy Pilate >Release: FreeBSD 9.1-PRERELEASE amd64 >Organization: weechat >Environment: FreeBSD Dragonborn 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0 r242658: Tue Nov 6 14:36:50 CET 2012 root@Dragonborn:/usr/obj/usr/src/sys/DRAGONBORN amd64 >Description: We detected that weechat is vulnerable to a crash when sending a special coloured message. This vulnerability hits versions old from one year ago to now. The patch was pushed, but we need to update ports as soon as possible. I sended a mail to the port maintener, but without fast answer, I'm trying here. https://savannah.nongnu.org/bugs/?37704 http://git.savannah.gnu.org/cgit/weechat.git/commit/?id=9453e81baa7935db82a0b765a47cba772aba730d >How-To-Repeat: The Proof Of Concept is private. It's to avoid scripts kiddies to send a forged message on popular irc channels. >Fix: Just update your clients! (or run /set irc.network.colors_receive off) The two ports to update is weechat and weechat-devel >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211092358.qA9NwNJE095002>