aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authordbaio <dbaio@FreeBSD.org>2018-01-07 04:43:51 +0800
committerdbaio <dbaio@FreeBSD.org>2018-01-07 04:43:51 +0800
commitc5c12e4293820b949a332abe22d3023273487df1 (patch)
tree875b14766f4f603bb0fe486772f8ff16d90a5e7a /security
parentddfff123909d9a19a84b931224672bcbe8cc194a (diff)
downloadfreebsd-ports-gnome-c5c12e4293820b949a332abe22d3023273487df1.tar.gz
freebsd-ports-gnome-c5c12e4293820b949a332abe22d3023273487df1.tar.zst
freebsd-ports-gnome-c5c12e4293820b949a332abe22d3023273487df1.zip
security/vuxml: Document multiple vulnerabilities in irc/irssi
Security: CVE-2018-5205 Security: CVE-2018-5206 Security: CVE-2018-5207 Security: CVE-2018-5208 PR: 224954 Reported by: tj@mrsk.me (email) Reported by: David O'Rourke <dor.bsd@xm0.uk>
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml38
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index fd76d90a95df..4de87f443f05 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,44 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="a3764767-f31e-11e7-95f2-005056925db4">
+ <topic>irssi -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>irssi</name>
+ <range><lt>1.0.6,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Irssi reports:</p>
+ <blockquote cite="https://irssi.org/security/irssi_sa_2018_01.txt">
+ <p>When the channel topic is set without specifying a sender, Irssi
+ may dereference NULL pointer. Found by Joseph Bisch.</p>
+ <p>When using incomplete escape codes, Irssi may access data beyond
+ the end of the string. Found by Joseph Bisch.</p>
+ <p>A calculation error in the completion code could cause a heap
+ buffer overflow when completing certain strings.
+ Found by Joseph Bisch.</p>
+ <p>When using an incomplete variable argument, Irssi may access data
+ beyond the end of the string. Found by Joseph Bisch.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://irssi.org/security/irssi_sa_2018_01.txt</url>
+ <cvename>CVE-2018-5205</cvename>
+ <cvename>CVE-2018-5206</cvename>
+ <cvename>CVE-2018-5207</cvename>
+ <cvename>CVE-2018-5208</cvename>
+ <freebsdpr>ports/224954</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2018-01-03</discovery>
+ <entry>2018-01-06</entry>
+ </dates>
+ </vuln>
+
<vuln vid="8429711b-76ca-474e-94a0-6b980f1e2d47">
<topic>mozilla -- Speculative execution side-channel attack</topic>
<affects>