Date: Sat, 10 Nov 2012 00:30:00 GMT From: Eitan Adler <lists@eitanadler.com> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/173513: weechat is vunerable to a crash when receive special colored messages. Message-ID: <201211100030.qAA0U0Qf098972@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/173513; it has been noted by GNATS. From: Eitan Adler <lists@eitanadler.com> To: ports-secteam@freebsd.org Cc: Andy Pilate <cubox@cubox.me>, bug-followup@freebsd.org Subject: Re: ports/173513: weechat is vunerable to a crash when receive special colored messages. Date: Fri, 9 Nov 2012 19:25:19 -0500 FYI. I won't have time to look into during this weekend, but someone here should. On 9 November 2012 18:50, Andy Pilate <cubox@cubox.me> wrote: > >>Number: 173513 >>Category: ports >>Synopsis: weechat is vunerable to a crash when receive special colored messages. >>Confidential: no >>Severity: serious >>Priority: high >>Responsible: freebsd-ports-bugs >>State: open >>Quarter: >>Keywords: >>Date-Required: >>Class: sw-bug >>Submitter-Id: current-users >>Arrival-Date: Sat Nov 10 00:00:00 UTC 2012 >>Closed-Date: >>Last-Modified: >>Originator: Andy Pilate >>Release: FreeBSD 9.1-PRERELEASE amd64 >>Organization: > weechat-testers >>Environment: > System: FreeBSD Dragonborn 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0 r242658: Tue Nov 6 14:36:50 CET 2012 root@Dragonborn:/usr/obj/usr/src/sys/DRAGONBORN amd64 > > >>Description: > We detected that weechat is vulnerable to a crash when sending a special coloured message. This vulnerability hits versions old from one year ago to now. > The patch was pushed, but we need to update ports as soon as possible. I sended a mail to the port maintener, but without fast answer, I'm trying here. > https://savannah.nongnu.org/bugs/?37704 http://git.savannah.gnu.org/cgit/weechat.git/commit/?id=9453e81baa7935db82a0b765a47cba772aba730d >>How-To-Repeat: > The Proof Of Concept is private. It's to avoid scripts kiddies to send a forged message on popular irc channels. >>Fix: > > Just update your clients! (or run /set irc.network.colors_receive off) > >>Release-Note: >>Audit-Trail: >>Unformatted: > _______________________________________________ > freebsd-ports-bugs@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs > To unsubscribe, send any mail to "freebsd-ports-bugs-unsubscribe@freebsd.org" -- Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211100030.qAA0U0Qf098972>