Date: Sat, 10 Nov 2012 00:50:29 +0100 (CET) From: Andy Pilate <cubox@cubox.me> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/173513: weechat is vunerable to a crash when receive special colored messages. Message-ID: <201211092350.qA9NoTKV073792@Dragonborn.cubox.me> Resent-Message-ID: <201211100000.qAA0017h091152@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 173513
>Category: ports
>Synopsis: weechat is vunerable to a crash when receive special colored messages.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 10 00:00:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Andy Pilate
>Release: FreeBSD 9.1-PRERELEASE amd64
>Organization:
weechat-testers
>Environment:
System: FreeBSD Dragonborn 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0 r242658: Tue Nov 6 14:36:50 CET 2012 root@Dragonborn:/usr/obj/usr/src/sys/DRAGONBORN amd64
>Description:
We detected that weechat is vulnerable to a crash when sending a special coloured message. This vulnerability hits versions old from one year ago to now.
The patch was pushed, but we need to update ports as soon as possible. I sended a mail to the port maintener, but without fast answer, I'm trying here.
https://savannah.nongnu.org/bugs/?37704 http://git.savannah.gnu.org/cgit/weechat.git/commit/?id=9453e81baa7935db82a0b765a47cba772aba730d
>How-To-Repeat:
The Proof Of Concept is private. It's to avoid scripts kiddies to send a forged message on popular irc channels.
>Fix:
Just update your clients! (or run /set irc.network.colors_receive off)
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211092350.qA9NoTKV073792>