Your message dated Sat, 29 Apr 2017 15:49:30 +0000
with message-id <e1d4uck-000fbf...@fasolo.debian.org>
and subject line Bug#861121: fixed in weechat 1.6-1+deb9u1
has caused the Debian Bug report #861121,
regarding weechat: CVE-2017-8073
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
861121: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861121
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: weechat
Version: 1.0.1-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for weechat.
CVE-2017-8073[0]:
| WeeChat before 1.7.1 allows a remote crash by sending a filename via
| DCC to the IRC plugin. This occurs in the
| irc_ctcp_dcc_filename_without_quotes function during quote removal,
| with a buffer overflow.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073
[1] https://weechat.org/news/95/20170422-Version-1.7.1/
[2]
https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: weechat
Source-Version: 1.6-1+deb9u1
We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated weechat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 29 Apr 2017 16:31:58 +0200
Source: weechat
Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc
weechat-dev weechat-dbg
Architecture: all source
Version: 1.6-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Emmanuel Bouthenot <kol...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 861121
Description:
weechat - Fast, light and extensible chat client
weechat-core - Fast, light and extensible chat client - core files
weechat-curses - Fast, light and extensible chat client - console client
weechat-dbg - Fast, light and extensible chat client - debugging symbols
weechat-dev - Fast, light and extensible chat client - development headers
weechat-doc - Fast, light and extensible chat client - documentation
weechat-plugins - Fast, light and extensible chat client - plugins
Changes:
weechat (1.6-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* irc: fix parsing of DCC filename (CVE-2017-8073) (Closes: #861121)
Checksums-Sha1:
b510ecd30a66a674045f8f207ed993540ba3369d 2667 weechat_1.6-1+deb9u1.dsc
69bc1f3ff6677a1fb9b193966be1ee92402ff774 15672
weechat_1.6-1+deb9u1.debian.tar.xz
75f025b6d6bd474b7ac9abc780af214102929206 67216 weechat-dev_1.6-1+deb9u1_all.deb
55d7e981e532e01910edd59edb019a16eeebcdc8 820540
weechat-doc_1.6-1+deb9u1_all.deb
017ff5a9535007e9db8466b9bf2f1ca089172645 54838 weechat_1.6-1+deb9u1_all.deb
Checksums-Sha256:
345f0a7a9fa526c28f8d9954731a338f4f96f4ae31ad7127007bd5a83f5507bc 2667
weechat_1.6-1+deb9u1.dsc
249e863b2e66f359d1c80d13b2bef1587f5376edbd2b66158d2d27fee0002fd9 15672
weechat_1.6-1+deb9u1.debian.tar.xz
22e2a0673cc6906104477579235ab073528da15ea2ed8908999633a6f9d1eeb6 67216
weechat-dev_1.6-1+deb9u1_all.deb
c4cd714fd44c429428d9a426c4ea28e188b911fcaf6fc7863a477eec8b7cb448 820540
weechat-doc_1.6-1+deb9u1_all.deb
bee62acec12c9acd6daf81aced7005b52c4f201c8b103f48480cb38f7399402c 54838
weechat_1.6-1+deb9u1_all.deb
Files:
2f692f57cb51b19848c54218d62888da 2667 net optional weechat_1.6-1+deb9u1.dsc
aa32aa2f5a689a1281dafbdee421a61d 15672 net optional
weechat_1.6-1+deb9u1.debian.tar.xz
e5ddc25a67c4e8b87cf2b9223ab24c46 67216 devel optional
weechat-dev_1.6-1+deb9u1_all.deb
f182d899ca2f2e1d1b5d2bd7777b3c54 820540 doc optional
weechat-doc_1.6-1+deb9u1_all.deb
3307cc90e9d07f8465566d6a8920db49 54838 net optional
weechat_1.6-1+deb9u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkEslhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EM/oP/j/Jtb3tSECmGQHRLwi5YutxxmBU5OrU
qQMvTsvT85+4utspTcvV5vjM4PiBwcL/mYoxu87hbtny0z7Dk/ADAzX5NtDwkeUS
pv3FY2VyarCvPPTWGmBoyvk+1Iq1kCMhoD0heiSsl4e2DrtJRbytWMTuPNpbXdH8
vQBbuu+FKjIniJjzDxFQqGwDVrV96QkVcZvmWo6h3hbT/2msIbWO9rVTq1WQRESN
uf2c23YAL5U+DXq81o0gl/CWC8+CcLY6i2Z6DFjpYrmX+5a9IpkcfIBPOeYvy5jz
nYKmvpg9VxJIb0GPqrRO2uVO2XpNSeBzZAz8lDjBIykkoA5UfCwW+9UHqU/Zb5rN
R25x1Ler92N3V65r6+KrMtOgv/1bRcM688J7zmHKe7IbbtpIb27ubMFd40F/0hU8
XM1jyHzlq2SHuyzRkRtBlSrOn22mMiFhiVVHXyEDFmRk6kbHNhDljGjJ/Mpxa4An
r6hT2T3SvGb1FGqCLamDOLq7odHOfd3Ncpswh/ESBF4ZEfZIW+lcBinwBMETkSr8
p/VmZAVUJvRD6oiWZz2X8DMeamqW+1Bgh9154reXpqAHDF1+UFxXjZeE5w/7KRUd
d3tDPjC68DkwePVFCZanpS8gsZ9XHf/DIrplwcYZ7iCojZQT1YAP0jFjut1FVyX5
DD5jlZtXhkg/
=Ka6+
-----END PGP SIGNATURE-----
--- End Message ---
