*** This bug is a security vulnerability ***

Public security bug reported:

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC
to the IRC plugin. This occurs in the
irc_ctcp_dcc_filename_without_quotes function during quote removal, with
a buffer overflow.

Fixed in Debian
---------------
weechat (1.7-3) unstable; urgency=medium
  .
  * Add a patch to fix CVE-2017-8073 which allows a remote crash by
    sending a filename via DCC to the IRC plugin (Closes: #861121)

That version was synced to Ubuntu 17.10 Alpha "artful"

References
----------
https://security-tracker.debian.org/tracker/CVE-2017-8073
https://weechat.org/download/security/ (all other listed security bugs already fixed in 14.04 LTS and newer)
https://github.com/weechat/weechat/commit/2fb346f25f79

Testing Done
------------
None

** Affects: weechat (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: trusty xenial yakkety zesty

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8073

** Information type changed from Public to Public Security
https://bugs.launchpad.net/bugs/1686478

Title:
  CVE-2017-8073 weechat remote crash
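
The report places the overflow in the step that strips surrounding quotes from a DCC filename. The C below is an added illustration, not WeeChat's code or the Debian patch: it assumes the hazard is a length check that accepts a one-byte string, and both function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical name, not WeeChat's function: the copy length a
 * quote-stripping routine computes when it only checks that the
 * string is non-empty (assumed weak check, for illustration). */
size_t naive_unquoted_len(const char *s)
{
    size_t len = strlen(s);

    if (len > 0 && s[0] == '"' && s[len - 1] == '"')
        return len - 2;   /* len == 1: wraps to SIZE_MAX */
    return len;
}

/* Hypothetical hardened form: heap copy of s with one surrounding pair
 * of double quotes removed; NULL on bad input or allocation failure. */
char *strip_outer_quotes(const char *s)
{
    size_t len, start = 0, n;
    char *out;

    if (s == NULL)
        return NULL;
    len = n = strlen(s);
    /* Two bytes minimum: an opening and a separate closing quote. */
    if (len >= 2 && s[0] == '"' && s[len - 1] == '"') {
        start = 1;
        n = len - 2;
    }
    out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, s + start, n);
    out[n] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample filenames, including the one-byte edge case. */
    const char *samples[] = { "\"a b.txt\"", "plain.txt", "\"\"", "\"", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *r = strip_outer_quotes(samples[i]);
        printf("[%s] -> [%s] (naive copy length %zu)\n",
               samples[i], r ? r : "(null)", naive_unquoted_len(samples[i]));
        free(r);
    }
    return 0;
}
```

A lone quote character is both the first and the last byte of the string, so only the two-byte minimum keeps the computed copy length from wrapping.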