Your message dated Tue, 25 Apr 2017 09:34:14 +0000 with message-id <e1d2wro-0000wz...@fasolo.debian.org> and subject line Bug#861121: fixed in weechat 1.7-3 has caused the Debian Bug report #861121, regarding weechat: CVE-2017-8073 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 861121: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861121 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: weechat Version: 1.0.1-1 Severity: important Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for weechat. CVE-2017-8073[0]: | WeeChat before 1.7.1 allows a remote crash by sending a filename via | DCC to the IRC plugin. This occurs in the | irc_ctcp_dcc_filename_without_quotes function during quote removal, | with a buffer overflow. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-8073 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073 [1] https://weechat.org/news/95/20170422-Version-1.7.1/ [2] https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: weechat Source-Version: 1.7-3 We believe that the bug you reported is fixed in the latest version of weechat, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 861...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bouthenot <kol...@debian.org> (supplier of updated weechat package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 25 Apr 2017 10:46:10 +0200 Source: weechat Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc weechat-dev weechat-dbg Architecture: source amd64 all Version: 1.7-3 Distribution: unstable Urgency: medium Maintainer: Emmanuel Bouthenot <kol...@debian.org> Changed-By: Emmanuel Bouthenot <kol...@debian.org> Description: weechat - Fast, light and extensible chat client weechat-core - Fast, light and extensible chat client - core files weechat-curses - Fast, light and extensible chat client - console client weechat-dbg - Fast, light and extensible chat client - debugging symbols weechat-dev - Fast, light and extensible chat client - development headers weechat-doc - Fast, light and extensible chat client - documentation weechat-plugins - Fast, light and extensible chat client - plugins Closes: 861121 Changes: weechat (1.7-3) unstable; urgency=medium . * Add a patch to fix CVE-2017-8073 which allows a remote crash by sending a filename via DCC to the IRC plugin (Closes: #861121) Checksums-Sha1: bf4297e7eae3077bcc51f29ab96b8c7f7fa3b27d 2484 weechat_1.7-3.dsc 76c0b79d8f06f25521e9c019f88036f10d60c00c 16012 weechat_1.7-3.debian.tar.xz 2298680a9b08d0e09294211684d0147d0bd0fa34 697740 weechat-core_1.7-3_amd64.deb 0a3c213166055f303609fcd1cb54e8fe3bd63b20 403468 weechat-curses_1.7-3_amd64.deb 6d3cf52a442e9ef6b166da21e55a15f25d18b34c 3751000 weechat-dbg_1.7-3_amd64.deb 846317f448b519ecd4b68312d16f2096d0802a5e 68126 weechat-dev_1.7-3_all.deb cb61cdc69bf4dcf2c9eb4956163ec677510ffa13 838638 weechat-doc_1.7-3_all.deb fa7b936fa503620a5a34c2db3322890d166c59b0 493944 weechat-plugins_1.7-3_amd64.deb 4a4e578683025d46dbd54b797bb87dd1a3965cab 55724 weechat_1.7-3_all.deb b994246b700414b9410d27fcfb890ad7882d31f5 11193 weechat_1.7-3_amd64.buildinfo Checksums-Sha256: c9053577804d2d767fb1ea6ac013dd3055617c6b6cc0ec436853c71cc8f2fc07 2484 weechat_1.7-3.dsc d2a4871cbbc274476d1cc94ba2380d53e2f84e23a2cfe70ff81f2bc26f489799 16012 weechat_1.7-3.debian.tar.xz 661a5e0b8158dfd5f04214163bf52a966c4c55d324f5779f7bc43aa8b444e350 697740 weechat-core_1.7-3_amd64.deb c6ac021294be3df30a51cc3b2ed766958db364592a4abbc26517facd8d9638e0 403468 weechat-curses_1.7-3_amd64.deb 3fcfd3ef3dfe83cd79cd81bff2789fa49069d7e43224a92e848bf80c452a7731 3751000 weechat-dbg_1.7-3_amd64.deb e65683b6c63a4840ee848162900b568e238929658642623d3c77fa699bb32927 68126 weechat-dev_1.7-3_all.deb fd830b4d5d14c7cb735d98df8da46885c58c52cfa6ffa6dc9a92e0f29876e718 838638 weechat-doc_1.7-3_all.deb bed2f48c6a5548df2b763d4571a4d8745427aac14818bf20a8c59dae5ea62e09 493944 weechat-plugins_1.7-3_amd64.deb 23286be13bb1a32dae0fbc6f6dccec4be6a6cc231a2cf1a8a1a3364969bee7e5 55724 weechat_1.7-3_all.deb cf28b51e3297cb3cec2705167cb065c2d06d695792297749e9e0511a0e480411 11193 weechat_1.7-3_amd64.buildinfo Files: a0c024790ea8e0c8410a949495c80aa8 2484 net optional weechat_1.7-3.dsc 4539a2c5793a06ea0422cd65b6b89447 16012 net optional weechat_1.7-3.debian.tar.xz 47fe5cf02ba33b395c5f5eb60d931027 697740 net optional weechat-core_1.7-3_amd64.deb 64c9b93a9088a8ba158b4c7b8fd9567d 403468 net optional weechat-curses_1.7-3_amd64.deb 2b62ba7ad2703ddddc9f870cc434975f 3751000 debug extra weechat-dbg_1.7-3_amd64.deb 16766f5bd3be6273aa71f269ecd01110 68126 devel optional weechat-dev_1.7-3_all.deb fe195f130037719ae2ef4968f3c8bbb1 838638 doc optional weechat-doc_1.7-3_all.deb 46ae39e88d8b805323685358eb02f6f2 493944 net optional weechat-plugins_1.7-3_amd64.deb f0edb2bda6578b60d266b9b4b26f2b4b 55724 net optional weechat_1.7-3_all.deb da38ccbc3390479125ca6e5240826a4f 11193 net optional weechat_1.7-3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEETQ1Tfow3vJnf8QuHSwd3I5KdQsMFAlj/E0oACgkQSwd3I5Kd QsM9SA/+IW2uVPDMV03pR/FNrj3kGewbAe+kjuSADkJAuBq7PbOPnCsL9GzCetg0 XnpGQdnNDk7YqwRv5as6Xv/FzWCsPsftshPfb845aXdrRLn8Bml+ojFJxfzxqpX6 cNgV9YazOdkJIzI78swR9V3zGE4PAJKXpy5qdcm+iAFKkmYQbEun4suIhLqLHF6T 0RruAaWZnbmDW4p7foLzgTp5pTv+eZljXbFyBIpNQN4t8SN8iitM8rShhW/StVbU t1NMZDNlM3LXBnFtqpyR+hroLYjXk8HXtrHc756u85tHfTlo7iCbl7w60uPIe4Kr FQqMaSpEYmxwfnQB3WF7qfvgkSCKqU8H3sHyMj8oQg3tuyruN+n2aq3pcrc2RH4M +bxHQ2948WxY/A5qcf+FRKCgS+O6I01riR5y8Nmoa1JYuQA1uxKOH7vTaCdbMrC0 HrNW+/WTEJrp/2eNsqXxKHqAvCNWcNNEUQa492SdOU10qbHE/cCRDmoZYskG6o4K 7C6kjR21JKw0bUa/WrzH+vuwsLaP/9UNq8RIRLYS4z1H2NV9xqB4qxWAoO/2r8Tw S1mDYEXIBDBQZUsBn5jWj5e6Pz49u/0fZ7EfYv2a01OOs/jp9Vhz03Oe7KI4jXKz kXvskMsK8CPoPHqAfmDB4L8mPp8LNSV1cNF2TfWp3S+yjFSrCrs= =FS7e -----END PGP SIGNATURE-----
--- End Message ---
