[ubuntu/cosmic-proposed] irssi 1.0.7-1ubuntu1 (Accepted)

Wed May 9 07:33:12 UTC 2018

irssi (1.0.7-1ubuntu1) cosmic; urgency=medium

  * Merge from Debian (LP: #1754781). Remaining changes:
    - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
      - When we have a proxy setting, we expect the CN to match
        the proxy hostname, not the server hostname.
    - d/p/90irc-ubuntu-com:
      + Add the Ubuntu network with irc.ubuntu.com as the server,
        which is currently a CNAME for chat.freenode.net.
    - d/p/03firsttimer_text:
      + Adapt 03firsttimer_text so it tells you about
        connecting to Ubuntu and joining #ubuntu.
  * Changes no longer needed:
    - d/p/CVE-2018-xxxx.patch: Applied upstream.

irssi (1.0.7-1) unstable; urgency=high

  * New upstream bugfix release (closes: #886475):
    From 1.0.6:
    - Fix invalid memory access when reading hilight configuration
      (#787, #788).
    - Fix null pointer dereference when the channel topic is set
      without specifying a sender [CVE-2018-5206]
    - Fix return of random memory when using incomplete escape
      codes [CVE-2018-5205]
    - Fix heap buffer overflow when completing certain strings
      [CVE-2018-5208]
    - Fix return of random memory when using an incomplete
      variable argument [CVE-2018-5207]

    From 1.0.7:
    - Prevent use after free error during the execution of some
      commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
    - Revert netsplit print optimisation due to crashes
    - Fix use after free when SASL messages are received in
      unexpected order [CVE-2018-7053] (closes: #890675)
    - Fix null pointer dereference in the tab completion when an
      empty nick is joined [CVE-2018-7050] (closes: #890678)
    - Fix use after free when entering oper password
    - Fix null pointer dereference when too many windows are
      opened [CVE-2018-7052] (closes: #890676)
    - Fix out of bounds access in theme strings when the last
      escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
      (closes: #890677)
    - Fix out of bounds write when using negative counts on window
      resize
    - Minor help correction. By William Jackson

  * Fix watch URL.
  * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
  * Bump Standards-Version to 4.1.3.
  * Add lintian overrides for the spelling of "hilight" in the changelog
    mentioning the lintian overrides for the spelling of "hilight" in irssi
    itself.

Date: Fri, 09 Mar 2018 17:54:53 -0500
Changed-By: Unit 193 <unit193 at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: LocutusOfBorg <costamagnagianfranco at yahoo.it>
https://launchpad.net/ubuntu/+source/irssi/1.0.7-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 09 Mar 2018 17:54:53 -0500
Source: irssi
Binary: irssi irssi-dev
Architecture: source
Version: 1.0.7-1ubuntu1
Distribution: cosmic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Unit 193 <unit193 at ubuntu.com>
Description:
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Closes: 886475 890674 890675 890676 890677 890678
Launchpad-Bugs-Fixed: 1754781
Changes:
 irssi (1.0.7-1ubuntu1) cosmic; urgency=medium
 .
   * Merge from Debian (LP: #1754781). Remaining changes:
     - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
       - When we have a proxy setting, we expect the CN to match
         the proxy hostname, not the server hostname.
     - d/p/90irc-ubuntu-com:
       + Add the Ubuntu network with irc.ubuntu.com as the server,
         which is currently a CNAME for chat.freenode.net.
     - d/p/03firsttimer_text:
       + Adapt 03firsttimer_text so it tells you about
         connecting to Ubuntu and joining #ubuntu.
   * Changes no longer needed:
     - d/p/CVE-2018-xxxx.patch: Applied upstream.
 .
 irssi (1.0.7-1) unstable; urgency=high
 .
   * New upstream bugfix release (closes: #886475):
     From 1.0.6:
     - Fix invalid memory access when reading hilight configuration
       (#787, #788).
     - Fix null pointer dereference when the channel topic is set
       without specifying a sender [CVE-2018-5206]
     - Fix return of random memory when using incomplete escape
       codes [CVE-2018-5205]
     - Fix heap buffer overflow when completing certain strings
       [CVE-2018-5208]
     - Fix return of random memory when using an incomplete
       variable argument [CVE-2018-5207]
 .
     From 1.0.7:
     - Prevent use after free error during the execution of some
       commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
     - Revert netsplit print optimisation due to crashes
     - Fix use after free when SASL messages are received in
       unexpected order [CVE-2018-7053] (closes: #890675)
     - Fix null pointer dereference in the tab completion when an
       empty nick is joined [CVE-2018-7050] (closes: #890678)
     - Fix use after free when entering oper password
     - Fix null pointer dereference when too many windows are
       opened [CVE-2018-7052] (closes: #890676)
     - Fix out of bounds access in theme strings when the last
       escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
       (closes: #890677)
     - Fix out of bounds write when using negative counts on window
       resize
     - Minor help correction. By William Jackson
 .
   * Fix watch URL.
   * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
   * Bump Standards-Version to 4.1.3.
   * Add lintian overrides for the spelling of "hilight" in the changelog
     mentioning the lintian overrides for the spelling of "hilight" in irssi
     itself.
Checksums-Sha1:
 6f671584548665c6e49fa3ad814103933c8ad5fd 2224 irssi_1.0.7-1ubuntu1.dsc
 0524e5f2d465e3b04a0227dac648a26e5c6d8286 1034188 irssi_1.0.7.orig.tar.xz
 0524e5f2d465e3b04a0227dac648a26e5c6d8286 1034188 irssi_1.0.7.orig.tar.xz.asc
 304a8dcb6f874e7276e87cdcd27ff814c9c53bdd 24232 irssi_1.0.7-1ubuntu1.debian.tar.xz
 f2abe2e5c1b96f9ec6ee447a2cd8a0fa6c1b53f5 7013 irssi_1.0.7-1ubuntu1_source.buildinfo
Checksums-Sha256:
 21bb63f9c9129b9b52643502afc4934d1dd0168963dd4d399945022daf4a3cef 2224 irssi_1.0.7-1ubuntu1.dsc
 1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac 1034188 irssi_1.0.7.orig.tar.xz
 1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac 1034188 irssi_1.0.7.orig.tar.xz.asc
 2748880bf0428525333bb6055b9f0944629c05e88c8835e8c5e128465f0ef619 24232 irssi_1.0.7-1ubuntu1.debian.tar.xz
 f19f6515135979fae83650fdbd7b13ae2e017ac656f30ef469d454e8bd939c45 7013 irssi_1.0.7-1ubuntu1_source.buildinfo
Files:
 308573e0117b23a5a81ba1717e742a23 2224 net optional irssi_1.0.7-1ubuntu1.dsc
 6ebf07a03b58f7af1296cd8fdbb3619f 1034188 net optional irssi_1.0.7.orig.tar.xz
 6ebf07a03b58f7af1296cd8fdbb3619f 1034188 net optional irssi_1.0.7.orig.tar.xz.asc
 2698cb76ca2398fb73daa52a7feca865 24232 net optional irssi_1.0.7-1ubuntu1.debian.tar.xz
 d38396c13083005375fbcff8a3f2b754 7013 net optional irssi_1.0.7-1ubuntu1_source.buildinfo
Original-Maintainer: Rhonda D'Vine <rhonda at debian.org>

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJa8qQDAAoJEPNPCXROn13Zm6IQALv+GYTcplpb8kqxGvZfxdL4
sZoNu9VxdH+83EYeLbncJ0vulpWn7ulci6YSHGw+NVv3tyQHAqtn3P79dgo/E4Jf
CgmmkYWVGl4U4NS9+P9kxMQ4CahwkV3Pp3iNGAl8GkL+k9Tl7XmQS+YpfsktyD8j
RriE6IbEXOfWzGC1AoEEhHVyLIaowWGDnRkMI6ezN0OPOe/WOHF/Bkhdb8FADin4
M/waNlDA25cm2tsmvuA5H/wZ5SOFcwteNw+P9bCayrSNunisJlpm7GWpgrD1rnOa
6IQEmZ1UlWDe9xLA+qfnihrq4PNeHE3ROGgFkmdlvj0Y8vJQlXqPOc1m8mAboVkz
ujbCohdNMBqECRsjz0d6MxURmwRpRywSvYZg7292ICngtIBxiru1rLW5EzalpuDv
66IQ4XEJITxX/ThjN1fNszrtHSZhRvc6aXqrm54Jff5TAevk9sekjHHs9FuMJ5SS
KGKUgU42jSBLGaSdHBW4BbdHl0ZANgnEURtE8vCqqVuWhshL/B9Mz2t1DrAvJybB
NljSBL3HvPozA6kDyrRHER9lKVLX82L1vjf+TmrJZsSqgfgGoD4R08O8eCwmT4w+
7vql3ZqTVj/+AkrecjqWavBvKXGdfBPLlXBuoniGXMLO012i9j9eG1OuCKYat8Rr
JZu5ohAWkpSSGB4uoqPf
=2c4d
-----END PGP SIGNATURE-----