[ubuntu/bionic-proposed] irssi 1.0.5-1ubuntu1 (Accepted)

Tue Dec 5 10:08:13 UTC 2017

irssi (1.0.5-1ubuntu1) devel; urgency=medium

  * Merge from Debian. Remaining changes:
    - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
      - When we have a proxy setting, we expect the CN to match
        the proxy hostname, not the server hostname.
    - d/p/90irc-ubuntu-com:
      + Add the Ubuntu network with irc.ubuntu.com as the server,
        which is currently a CNAME for chat.freenode.net.
    - d/p/03firsttimer_text:
      + Adapt 03firsttimer_text so it tells you about
        connecting to Ubuntu and joining #ubuntu.
  * Changes no longer needed:
    - d/p/CVE-2017-15xxx.patch: Applied upstream.

irssi (1.0.5-1) unstable; urgency=high

  * New upstream bugfix release (closes: #879521):
    - Fix missing -sasl_method '' in /NETWORK.
    - Fix incorrect restoration of term state when hitting SUSP
      inside screen.
    - Fix out of bounds read when compressing colour
      sequences. Found by Hanno Böck. [CVE-2017-15228]
    - Fix use after free condition during a race condition when
      waiting on channel sync during a rejoin [CVE-2017-15227]
    - Fix null pointer dereference when parsing certain malformed
      CTCP DCC messages. [CVE-2017-15721]
    - Fix crash due to null pointer dereference when failing to
      split messages due to overlong nick or target. [CVE-2017-15723]
    - Fix out of bounds read when trying to skip a safe channel ID
      without verifying that the ID is long enough. [CVE-2017-15722]
    - Fix return of random memory when inet_ntop failed.
    - Minor statusbar help update.
  * Remove deprecated --with autotools_dev call to dh.
  * Bump Standards-Version to 4.1.1.
  * Change priority of irssi-dev from deprecated extra to optional.
  * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
    directly.

Date: Sat, 02 Dec 2017 17:18:54 -0500
Changed-By: Unit 193 <unit193 at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: LocutusOfBorg <costamagnagianfranco at yahoo.it>
https://launchpad.net/ubuntu/+source/irssi/1.0.5-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 02 Dec 2017 17:18:54 -0500
Source: irssi
Binary: irssi irssi-dev
Architecture: source
Version: 1.0.5-1ubuntu1
Distribution: devel
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Unit 193 <unit193 at ubuntu.com>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 879521
Changes:
 irssi (1.0.5-1ubuntu1) devel; urgency=medium
 .
   * Merge from Debian. Remaining changes:
     - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
       - When we have a proxy setting, we expect the CN to match
         the proxy hostname, not the server hostname.
     - d/p/90irc-ubuntu-com:
       + Add the Ubuntu network with irc.ubuntu.com as the server,
         which is currently a CNAME for chat.freenode.net.
     - d/p/03firsttimer_text:
       + Adapt 03firsttimer_text so it tells you about
         connecting to Ubuntu and joining #ubuntu.
   * Changes no longer needed:
     - d/p/CVE-2017-15xxx.patch: Applied upstream.
 .
 irssi (1.0.5-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #879521):
     - Fix missing -sasl_method '' in /NETWORK.
     - Fix incorrect restoration of term state when hitting SUSP
       inside screen.
     - Fix out of bounds read when compressing colour
       sequences. Found by Hanno Böck. [CVE-2017-15228]
     - Fix use after free condition during a race condition when
       waiting on channel sync during a rejoin [CVE-2017-15227]
     - Fix null pointer dereference when parsing certain malformed
       CTCP DCC messages. [CVE-2017-15721]
     - Fix crash due to null pointer dereference when failing to
       split messages due to overlong nick or target. [CVE-2017-15723]
     - Fix out of bounds read when trying to skip a safe channel ID
       without verifying that the ID is long enough. [CVE-2017-15722]
     - Fix return of random memory when inet_ntop failed.
     - Minor statusbar help update.
   * Remove deprecated --with autotools_dev call to dh.
   * Bump Standards-Version to 4.1.1.
   * Change priority of irssi-dev from deprecated extra to optional.
   * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
     directly.
Checksums-Sha1:
 ed7ad429ba7b3513b1aabc4230d4a55e4cdf17fe 2226 irssi_1.0.5-1ubuntu1.dsc
 13893183e596c4022d98724ad403328a74056cd7 1032308 irssi_1.0.5.orig.tar.xz
 d40d9648e92fe9a52dd34b566780684235accd9c 195 irssi_1.0.5.orig.tar.xz.asc
 1a6b9d075fb1d70b6dfe67c17f5bc0199cb8f2a9 23336 irssi_1.0.5-1ubuntu1.debian.tar.xz
 1885957e2369667bbf80662156fcb5039de80136 7400 irssi_1.0.5-1ubuntu1_source.buildinfo
Checksums-Sha256:
 3be2ea1a2be50f75d6d492a5b05352e3bc857add46c0c22e9077a7b5a09a8fe3 2226 irssi_1.0.5-1ubuntu1.dsc
 c2556427e12eb06cabfed40839ac6f57eb8b1aa6365fab6dfcd331b7a04bb914 1032308 irssi_1.0.5.orig.tar.xz
 876f23ecbb27956d5f5f0fb2dab4035d75a4f23e64c7c4d84436a5e62b8460b1 195 irssi_1.0.5.orig.tar.xz.asc
 e30267b89ceed7427452af3550b8e7ffd9309aba530a43946af1de99b142b5e1 23336 irssi_1.0.5-1ubuntu1.debian.tar.xz
 e8cfa6c37b192edc0601b8a2eeb24ee23e89f318580eadeca337058172cb19a5 7400 irssi_1.0.5-1ubuntu1_source.buildinfo
Files:
 9dff47a0b98b3c42af5a6b2ef00e1cf5 2226 net optional irssi_1.0.5-1ubuntu1.dsc
 21357ac5e9970fa0c79ca971a9a01270 1032308 net optional irssi_1.0.5.orig.tar.xz
 df7eef66faf0620d0b26decf3ddaf43d 195 net optional irssi_1.0.5.orig.tar.xz.asc
 834902dbab068d9d6aa93c5dc4a41252 23336 net optional irssi_1.0.5-1ubuntu1.debian.tar.xz
 3a3bce134824d4329ae7c3b2c73ee8b6 7400 net optional irssi_1.0.5-1ubuntu1_source.buildinfo
Original-Maintainer: Rhonda D'Vine <rhonda at debian.org>

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJaJm/FAAoJEPNPCXROn13Z1ZQQAIDRiHWX7FRD7w2rViH85Wgz
KzlPRisqOxq/+kV55Ls9HYxK1fgO+wiBdjs4r8P4dNTAlSqA1GIAJ4+gY34y+i2K
y0J1WDF77hprwbgM/aFgRkZFwfSZdSppb1wKr3noFR2WdrAKDopwV7Wi3F/FEuoX
EqAy7MUbHOiOY8ZRFYZmQiif0rl5YuvGchC1LX6B6FK0xo60dbQVNVmktYD+gTbF
nUBPsiIUQnYw/RABNmsyVa9D+URHQw40eD3v9/hsrTl96WWQ4/t7IaTmzGZWQGae
I+wyhCY5caWIIb/0tb05BMqrKOOQW+NFfD7OD7C3xOPAx/lKLXAF8HcOjJi7STXa
mTjk2XP9d+zGOERimWZeTqiNC6fG01Z7as2Vbej/KSZGDphWSFVsJ6PdY+21c76w
ai1aBra/1wDoQGQ4U5lgGGxOn04aAtYhsv8BIvvFSTWJvp4wrg3j4GIQEPIcmTBN
V0BlMysqnK6zu7ysz0VP40iViMAvOFPmhd3EIgZPQw1mBXMszVpTiQzU3scm7Usx
AjyR/IK4k4v1u/lxqUjIl09gbhFY7AImOFffjeUtWCD2qkh1qXUO+bpRklDwJyON
ceVuqXYUfAM5Dqee3BdjOr7cU6PSZPSQiGTaEdqJFDfqWVAQD3AWGt5G8aaWE+mj
n6UHlEOcNpxuec4IL7DU
=/Gwh
-----END PGP SIGNATURE-----