Debian Bug report logs - #519940
weechat-curses: DoS (crash) with some IRC messages from other users

Package: weechat-curses; Maintainer for weechat-curses is Emmanuel Bouthenot <kolter@debian.org>; Source for weechat-curses is src:weechat.

Reported by: Sebastien Helleu <flashcode@flashtux.org>

Date: Mon, 16 Mar 2009 10:49:10 UTC

Severity: grave

Tags: security

Found in version weechat/0.2.6-3

Fixed in version weechat/0.2.6.1-1

Done: Emmanuel Bouthenot <kolter@openics.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Emmanuel Bouthenot <kolter@openics.org>:
Bug#519940; Package weechat-curses. (Mon, 16 Mar 2009 10:49:12 GMT)

Acknowledgement sent to Sebastien Helleu <flashcode@flashtux.org>:
New Bug report received and forwarded. Copy sent to Emmanuel Bouthenot <kolter@openics.org>. (Mon, 16 Mar 2009 10:49:12 GMT)

Message #5 received at submit@bugs.debian.org:

From: Sebastien Helleu <flashcode@flashtux.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: weechat-curses: DoS (crash) with some IRC messages from other users
Date: Mon, 16 Mar 2009 11:38:29 +0100
Package: weechat-curses
Version: 0.2.6-3
Severity: grave
Justification: renders package unusable

Denial of service (crash) when receiving some IRC messages from other users,
with special data inside.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.28.7
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages weechat-curses depends on:
ii  libc6                     2.9-4          GNU C Library: Shared libraries
ii  libgnutls26               2.6.4-2        the GNU TLS library - runtime libr
ii  libncursesw5              5.7+20090228-1 shared libraries for terminal hand
ii  weechat-common            0.2.6-3        Common files for WeeChat

Versions of packages weechat-curses recommends:
ii  weechat-plugins               0.2.6-3    Plugins for WeeChat

weechat-curses suggests no packages.

-- no debconf information




Reply sent to Emmanuel Bouthenot <kolter@openics.org>:
You have taken responsibility. (Mon, 16 Mar 2009 15:51:19 GMT)

Notification sent to Sebastien Helleu <flashcode@flashtux.org>:
Bug acknowledged by developer. (Mon, 16 Mar 2009 15:51:19 GMT)

Message #10 received at 519940-close@bugs.debian.org:

From: Emmanuel Bouthenot <kolter@openics.org>
To: 519940-close@bugs.debian.org
Subject: Bug#519940: fixed in weechat 0.2.6.1-1
Date: Mon, 16 Mar 2009 14:51:05 +0000
Source: weechat
Source-Version: 0.2.6.1-1

We believe that the bug you reported is fixed in the latest version of
weechat, which is due to be installed in the Debian FTP archive:

weechat-common_0.2.6.1-1_all.deb
  to pool/main/w/weechat/weechat-common_0.2.6.1-1_all.deb
weechat-curses_0.2.6.1-1_amd64.deb
  to pool/main/w/weechat/weechat-curses_0.2.6.1-1_amd64.deb
weechat-plugins_0.2.6.1-1_amd64.deb
  to pool/main/w/weechat/weechat-plugins_0.2.6.1-1_amd64.deb
weechat_0.2.6.1-1.diff.gz
  to pool/main/w/weechat/weechat_0.2.6.1-1.diff.gz
weechat_0.2.6.1-1.dsc
  to pool/main/w/weechat/weechat_0.2.6.1-1.dsc
weechat_0.2.6.1-1_all.deb
  to pool/main/w/weechat/weechat_0.2.6.1-1_all.deb
weechat_0.2.6.1.orig.tar.gz
  to pool/main/w/weechat/weechat_0.2.6.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 519940@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bouthenot <kolter@openics.org> (supplier of updated weechat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 16 Mar 2009 13:18:29 +0000
Source: weechat
Binary: weechat weechat-curses weechat-common weechat-plugins
Architecture: source all amd64
Version: 0.2.6.1-1
Distribution: unstable
Urgency: low
Maintainer: Emmanuel Bouthenot <kolter@openics.org>
Changed-By: Emmanuel Bouthenot <kolter@openics.org>
Description: 
 weechat    - Fast, light and extensible IRC client
 weechat-common - Common files for WeeChat
 weechat-curses - Fast, light and extensible IRC client - console client
 weechat-plugins - Plugins for WeeChat
Closes: 519940
Changes: 
 weechat (0.2.6.1-1) unstable; urgency=low
 .
   * New upstream release which includes a fix against a possible remote
     Denial of Service (crash) while receiving messages with special chars
     (Closes: #519940).
   * Refresh patch multiple_ip_servers according to the new upstream release.
   * Update Standards-Version to 3.8.1.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkm+YZwACgkQpHXqGUFOw2652wCgkOvoOKOUAC28AZEBRCktGPEH
1qAAn2ZfnUfnw3I9twKC5qq824N9xiQO
=5qON
-----END PGP SIGNATURE-----





Tags added: security Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Mon, 16 Mar 2009 21:24:02 GMT)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 10 May 2009 07:30:08 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 13:06:24 2014; Machine Name: beach.debian.org
