X-Original-To: alpine-aports@lists.alpinelinux.org
Received: from mail-lf0-f68.google.com (mail-lf0-f68.google.com [209.85.215.68])
	by lists.alpinelinux.org (Postfix) with ESMTP id 44CF75C4185
	for <alpine-aports@lists.alpinelinux.org>; Wed, 18 Jan 2017 11:09:58 +0000 (GMT)
Received: by mail-lf0-f68.google.com with SMTP id x1so1267311lff.0
        for <alpine-aports@lists.alpinelinux.org>; Wed, 18 Jan 2017 03:09:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=5tvrYuhvsHt677NQ8/kIBCpZJJLE8ivazvBLprHp7pg=;
        b=D5XPWA8QRt0YSLKv4XJE5yNbueske0RFUr7ekVKLsH6Mb3Zq4h6WaYVj4IiVkI6oS6
         p+YHbyc6ExlmU6IjOcXgwFcVL2mVrgBeqpXnG/2WIS27Vn7RnMuY50j+X62d+fDRTteZ
         CMVQ4efe2WalpEIfKb7mLQ449lo/bm7r3INjz4eNv/fMxgFRIO/yikyCMV0zBTSS3zod
         T5Ge0PkpCwXLWjOMQrg4eNX9p5In50tAyzVsEUi26U8sDZsOPjBWI2BynO2TZRQWDyAq
         hdXqRxCanbE9LH2pq/ux8erm0RvJ2+W/8Ka59QRdrnwGZw/PAxFYJDRhd+pySL/zojMg
         Wvlw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=5tvrYuhvsHt677NQ8/kIBCpZJJLE8ivazvBLprHp7pg=;
        b=JWzEFD9vKQEVZARJbhqht8+jGEosWZ6Hcq3VNFn/lhYUxJ4zJKl7VR1ye3F5+00vZh
         8trsl4NSWrQjxosA68h+mMI8Uy4f9C+yi8zUIdrU+QhxESOlYTUvRx+2ta6BxvVRKwe7
         WzCXeOffJi1X+17R6B6DOYAfDeYsnLEDBwQugKpr+YLkjkTm7cvVtZ2UObyAZWk+AvW0
         DT72H7LYU2vGbm/xB2N26JM5or8MtSN73+Ymj/SKCD+yhHr4RClOKpX4qc3Ly0i1Wv2P
         0LddKx4Qc/NumzX1yvMc1UMgcV9oRfRYUIe0UlIsLKNajUWZwetWTwdNcb0CXYBacua2
         II2A==
X-Gm-Message-State: AIkVDXJnYS5opyrVsNDOZJtuDB4nVigjDfndRro2DyGcjsxPSeTV5ryNCgKy3gGdg90lwg==
X-Received: by 10.25.201.71 with SMTP id z68mr864328lff.3.1484737797231;
        Wed, 18 Jan 2017 03:09:57 -0800 (PST)
Received: from v3-4.util.wtbts.net ([83.145.235.199])
        by smtp.gmail.com with ESMTPSA id a78sm10320866ljb.47.2017.01.18.03.09.55
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Wed, 18 Jan 2017 03:09:56 -0800 (PST)
From: Sergei Lukin <sergej.lukin@gmail.com>
To: alpine-aports@lists.alpinelinux.org
Cc: Sergei Lukin <sergej.lukin@gmail.com>
Subject: [alpine-aports] [PATCH v3.4] main/irssi: security upgrade to 0.8.21 - fixes #6692
Date: Wed, 18 Jan 2017 11:09:48 +0000
Message-Id: <20170118110948.7478-1-sergej.lukin@gmail.com>
X-Mailer: git-send-email 2.8.3
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development <alpine-aports.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-aports+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-aports@lists.alpinelinux.org>
List-Help: <mailto:alpine-aports+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-aports+subscribe@lists.alpinelinux.org?subject=subscribe>

CVE-2017-5193: A NULL pointer dereference in the nickcmp function.
CVE-2017-5194: Use after free when receiving invalid nick message.
CVE-2017-5356: Out of bounds read when Printing the value.
CVE-2017-5195: Out of bounds read in certain incomplete control codes.
CVE-2017-5196: Out of bounds read in certain incomplete character sequences.
---
This release fixes four remote crash issues in older Irssi releases.
There are no new features compared to 0.8.20
https://irssi.org/2017/01/05/irssi-0.8.21-released

 main/irssi/APKBUILD | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/main/irssi/APKBUILD b/main/irssi/APKBUILD
index c29d2aa..25acb9f 100644
--- a/main/irssi/APKBUILD
+++ b/main/irssi/APKBUILD
@@ -1,6 +1,7 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Maintainer: Kiyoshi Aman <kiyoshi.aman@gmail.com>
 pkgname=irssi
-pkgver=0.8.20
+pkgver=0.8.21
 pkgrel=0
 pkgdesc="A modular textUI IRC client with IPv6 support"
 url="http://irssi.org/"
@@ -11,6 +12,14 @@ makedepends="glib-dev openssl-dev ncurses-dev perl-dev automake autoconf libtool
 subpackages="$pkgname-doc $pkgname-dev $pkgname-proxy $pkgname-perl"
 source="https://github.com/irssi/irssi/releases/download/$pkgver/irssi-$pkgver.tar.xz"
 
+# secfixes:
+#   0.8.21-r0:
+#     - CVE-2017-5193
+#     - CVE-2017-5194
+#     - CVE-2017-5356
+#     - CVE-2017-5195
+#     - CVE-2017-5196
+
 _builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
 	local i
@@ -67,6 +76,6 @@ proxy() {
 	mv "$pkgdir"/usr/lib/irssi/modules/libirc_proxy.* "$subpkgdir"/usr/lib/irssi/modules/
 }
 
-md5sums="67d48c5feec2d3b949d088aa4abc3601  irssi-0.8.20.tar.xz"
-sha256sums="7882c4e821f5aac469c5e69e69d7e235f4986101285c675e81a9a95bfb20505a  irssi-0.8.20.tar.xz"
-sha512sums="ace39022a3e7461fc33cbd0e8c6635aa84c67fc4f6364b66747f860a4538a4b17bbd677e342fbfa9ae7e97783745f8d7dab350a27330ce14f1702386231296b1  irssi-0.8.20.tar.xz"
+md5sums="b820760c3b4f3b0c24abe4db82b6366a  irssi-0.8.21.tar.xz"
+sha256sums="e433063b8714dcf17438126902c9a9d5c97944b3185ecd0fc5ae25c4959bf35a  irssi-0.8.21.tar.xz"
+sha512sums="110934ab85c8574fc76bce367c58378e28603898e63a5014a72170ffe441ffe3dbda432531e899176f5c4126f47d929a3a01a2f87bcacbfe0ba4d6d8cb31e642  irssi-0.8.21.tar.xz"
-- 
2.8.3



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---