Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package irssi

The update has just a one-line fix for CVE-2023-29132 applied.
See #1033785 about it.

[ Reason ]
Fixes a security issue.

[ Risks ]
It's one line that got removed, so the code change is trivial.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock irssi/1.4.3-2
-- 
If you feel discouraged, finally take courage, go   |
If you feel helpless, go out and help, go           | Wir sind Helden
If you feel powerless, go out and act, go           | 23.55: Alles auf Anfang
If you feel adrift, find a hold and let go          |
diff -Nru irssi-1.4.3/debian/changelog irssi-1.4.3/debian/changelog
--- irssi-1.4.3/debian/changelog        2022-11-04 04:12:48.000000000 +0100
+++ irssi-1.4.3/debian/changelog        2023-04-14 10:25:21.000000000 +0200
@@ -1,3 +1,9 @@
+irssi (1.4.3-2) unstable; urgency=critical
+
+  * Pull commit c554a4 from upstream to fix CVE-2023-29132 (closes: #1033785)
+
+ -- Rhonda D'Vine <rho...@debian.org>  Fri, 14 Apr 2023 10:25:21 +0200
+
 irssi (1.4.3-1) unstable; urgency=medium
 
   * New upstream release.
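
Review bot: the new 1.4.3-2 entry identifies the upstream fix only by the six-character prefix c554a4 and does not say what class of bug it addresses. The patch shipped in this same upload carries the full hash c554a45738712219c066897b09a44d99afeb4240 and the subject "fix stale special collector use after free"; quoting both in the entry would let someone reading only d/changelog match the upload to the upstream commit without opening debian/patches.
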
diff -Nru irssi-1.4.3/debian/patches/04fix_stale_special_collector 
irssi-1.4.3/debian/patches/04fix_stale_special_collector
--- irssi-1.4.3/debian/patches/04fix_stale_special_collector    1970-01-01 
01:00:00.000000000 +0100
+++ irssi-1.4.3/debian/patches/04fix_stale_special_collector    2023-04-14 
10:23:46.000000000 +0200
@@ -0,0 +1,20 @@
+From c554a45738712219c066897b09a44d99afeb4240 Mon Sep 17 00:00:00 2001
+From: Ailin Nemui <ailin@d5421s.localdomain>
+Date: Sun, 26 Mar 2023 23:36:41 +0200
+Subject: [PATCH] fix stale special collector use after free
+
+reported by ednash and investigated by @dwfreed
+---
+ src/fe-text/textbuffer-formats.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/src/fe-text/textbuffer-formats.c
++++ b/src/fe-text/textbuffer-formats.c
+@@ -213,7 +213,6 @@
+       if (!scrollback_format)
+               return;
+ 
+-      special_push_collector(NULL);
+       info = store_lineinfo_tmp(dest);
+ 
+       info->format = format_rec_new(NULL, NULL, 2, (const char *[]){ NULL, 
text });
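
Review bot: the special_push_collector(NULL) call deleted at -213,7 goes away with no explanation of what it was paired with, and the context lines shown do not reveal whether a matching pop remains later in the function. It is worth confirming against the full upstream file that nothing is left popping a collector this function no longer pushes, and saying so in a sentence in the patch header. The header would also be easier to trace with DEP-3 Origin and Bug-Debian fields pointing at the upstream commit and #1033785, since the From line only carries a localdomain address.
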
diff -Nru irssi-1.4.3/debian/patches/series irssi-1.4.3/debian/patches/series
--- irssi-1.4.3/debian/patches/series   2022-07-16 21:12:10.000000000 +0200
+++ irssi-1.4.3/debian/patches/series   2023-04-14 10:23:24.000000000 +0200
@@ -1,6 +1,7 @@
 01chanmode_expando_strip
 02ctcp_version_reply
 03firsttimer_text
+04fix_stale_special_collector
 12manpage-fix
 ## disabled for now, Ubuntu-only patch.
 #20fix_ssl_proxy_hostname_check
