Security vulnerabilities fixed in WeeChat 2.7.1

weechat-security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security vulnerabilities fixed in WeeChat 2.7.1

From:	Sébastien Helleu
Subject:	Security vulnerabilities fixed in WeeChat 2.7.1
Date:	Thu, 20 Feb 2020 22:46:40 +0100
User-agent:	Mutt/1.10.1 (2018-07-13)

Hi all,

Three security vulnerabilities have been fixed in WeeChat 2.7.1, which was
released a few hours ago:

* a malformed IRC message 324 (channel mode) can cause a buffer overflow and
  possibly a crash (CVE-2020-8955)

* a new IRC message 005 received with longer nick prefixes can cause a buffer
  overflow and possibly a crash

* a malformed IRC message 352 (WHO) can cause a crash.

These vulnerabilities affects WeeChat versions from 0.3.4 to 2.7.

Thanks to Stuart Nevans Locke for reporting the problems.

For more info, please visit the WeeChat security page:
https://weechat.org/doc/security/

-- 
Sébastien Helleu

web: weechat.org / flashtux.org
irc: FlashCode @ irc.freenode.net

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Security vulnerabilities fixed in WeeChat 2.7.1, Sébastien Helleu <=

Index(es):
- Date
- Thread