[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Security vulnerabilities fixed in WeeChat 2.7.1
From: |
Sébastien Helleu |
Subject: |
Security vulnerabilities fixed in WeeChat 2.7.1 |
Date: |
Thu, 20 Feb 2020 22:46:40 +0100 |
User-agent: |
Mutt/1.10.1 (2018-07-13) |
Hi all,
Three security vulnerabilities have been fixed in WeeChat 2.7.1, which was
released a few hours ago:
* a malformed IRC message 324 (channel mode) can cause a buffer overflow and
possibly a crash (CVE-2020-8955)
* a new IRC message 005 received with longer nick prefixes can cause a buffer
overflow and possibly a crash
* a malformed IRC message 352 (WHO) can cause a crash.
These vulnerabilities affects WeeChat versions from 0.3.4 to 2.7.
Thanks to Stuart Nevans Locke for reporting the problems.
For more info, please visit the WeeChat security page:
https://weechat.org/doc/security/
--
Sébastien Helleu
web: weechat.org / flashtux.org
irc: FlashCode @ irc.freenode.net
signature.asc
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Security vulnerabilities fixed in WeeChat 2.7.1,
Sébastien Helleu <=