X-Original-To: alpine-aports@lists.alpinelinux.org
Received: from mail-lf0-f68.google.com (mail-lf0-f68.google.com [209.85.215.68])
	by lists.alpinelinux.org (Postfix) with ESMTP id 44B4F5C4187
	for <alpine-aports@lists.alpinelinux.org>; Wed, 18 Jan 2017 11:19:56 +0000 (GMT)
Received: by mail-lf0-f68.google.com with SMTP id v186so1297618lfa.2
        for <alpine-aports@lists.alpinelinux.org>; Wed, 18 Jan 2017 03:19:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=NQj4rTDoKNKT/zqkm9WIzV0xTjJcFmbA2ddFdgYZ1zg=;
        b=ClxmEny7C4z8va+qa/obbsHmEIDKCwGpAy5taiHtnCKI6Wa97khiKI2r5qe7cwmD1s
         sVJIRTeOjudY+JpGX3yg2nZPjhgVgChir4w1KYxeOQkntNe5zBJTnuyCQmSazvUPR6wP
         zICY590G1OUb/5lWHD1CjLixJD9lKuOqf2TUDwDanTpxbNYRyVAn0xOOWLqeX1dDkNrs
         4z+99xDnY+xmTZe1Xmw35FFuyPR9jvcJncKOVfRTJ5ULhf58OMW9Ifd14odUIMxgx41Z
         CRYf3OmUWIG2Ec7BZLa8JmQMRc8Mqi9d1vv3F1vvFCMmu6cD1iR+zcmw4RlDsfJrrnTE
         z2WA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=NQj4rTDoKNKT/zqkm9WIzV0xTjJcFmbA2ddFdgYZ1zg=;
        b=oFqCcNpSSrhqO+IPxKR5dVGNFfnEyW0wSZgpiK50zs1C3d4Fppe2q8HaJ+amNhxuya
         /S21cVB37E4Gcehf3NOyRDM0NVNeTqXYlpRKHN+1Ld4d2vaoLY+NUBvIiaRdJlyNq6lw
         lPDXQ/9ntpi7YuMo04L0NN0joKRAZNfhMqZoTrb69Ta/pv75AuSRZFMn8ebtLg7Q9JpE
         4pqV+ik9QCwOBpmfGj2wDYQaRwi0ykQMO4b5MGmP90W3FmfcavPlRuoX3Es0LPn889qt
         wpZs+hNBu/qhorscAoV03+EpGNCp9hSq5zJfwUZdJd3bIvpYUoVQmKP25EmDEVBi7rDG
         RBmA==
X-Gm-Message-State: AIkVDXJxRBIuGbW3waGDQWMwk6Ujaul0I8QcHP95phpOLyLU/ChXOTbjK82QdR6Wjic9bA==
X-Received: by 10.46.76.10 with SMTP id z10mr1292122lja.9.1484738395477;
        Wed, 18 Jan 2017 03:19:55 -0800 (PST)
Received: from v3-3.util.wtbts.net ([83.145.235.199])
        by smtp.gmail.com with ESMTPSA id d2sm10471254lfe.13.2017.01.18.03.19.54
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Wed, 18 Jan 2017 03:19:54 -0800 (PST)
From: Sergei Lukin <sergej.lukin@gmail.com>
To: alpine-aports@lists.alpinelinux.org
Cc: Sergei Lukin <sergej.lukin@gmail.com>
Subject: [alpine-aports] [PATCH v3.3] main/irssi: security upgrade to 0.8.21 - fixes #6693
Date: Wed, 18 Jan 2017 11:19:48 +0000
Message-Id: <1484738388-7344-1-git-send-email-sergej.lukin@gmail.com>
X-Mailer: git-send-email 2.6.6
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development <alpine-aports.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-aports+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-aports@lists.alpinelinux.org>
List-Help: <mailto:alpine-aports+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-aports+subscribe@lists.alpinelinux.org?subject=subscribe>

CVE-2017-5193: A NULL pointer dereference in the nickcmp function.
CVE-2017-5194: Use after free when receiving invalid nick message.
CVE-2017-5356: Out of bounds read when Printing the value.
CVE-2017-5195: Out of bounds read in certain incomplete control codes.
CVE-2017-5196: Out of bounds read in certain incomplete character sequences.
---
This release fixes four remote crash issues in older Irssi releases.
There are no new features compared to 0.8.20
https://irssi.org/2017/01/05/irssi-0.8.21-released

 main/irssi/APKBUILD | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/main/irssi/APKBUILD b/main/irssi/APKBUILD
index 33dde82..bf3f791 100644
--- a/main/irssi/APKBUILD
+++ b/main/irssi/APKBUILD
@@ -1,6 +1,7 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Maintainer: Kiyoshi Aman <kiyoshi.aman@gmail.com>
 pkgname=irssi
-pkgver=0.8.20
+pkgver=0.8.21
 pkgrel=0
 pkgdesc="A modular textUI IRC client with IPv6 support"
 url="http://irssi.org/"
@@ -12,9 +13,15 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-proxy $pkgname-perl"
 source="https://github.com/irssi/irssi/releases/download/$pkgver/irssi-$pkgver.tar.xz"
 
 # secfixes:
+#   0.8.21-r0:
+#     - CVE-2017-5193
+#     - CVE-2017-5194
+#     - CVE-2017-5356
+#     - CVE-2017-5195
+#     - CVE-2017-5196
 #   0.8.20-r0:
-#   - CVE-2016-7044
-#   - CVE-2016-7045
+#     - CVE-2016-7044
+#     - CVE-2016-7045
 
 _builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
@@ -72,6 +79,6 @@ proxy() {
 	mv "$pkgdir"/usr/lib/irssi/modules/libirc_proxy.* "$subpkgdir"/usr/lib/irssi/modules/
 }
 
-md5sums="67d48c5feec2d3b949d088aa4abc3601  irssi-0.8.20.tar.xz"
-sha256sums="7882c4e821f5aac469c5e69e69d7e235f4986101285c675e81a9a95bfb20505a  irssi-0.8.20.tar.xz"
-sha512sums="ace39022a3e7461fc33cbd0e8c6635aa84c67fc4f6364b66747f860a4538a4b17bbd677e342fbfa9ae7e97783745f8d7dab350a27330ce14f1702386231296b1  irssi-0.8.20.tar.xz"
+md5sums="b820760c3b4f3b0c24abe4db82b6366a  irssi-0.8.21.tar.xz"
+sha256sums="e433063b8714dcf17438126902c9a9d5c97944b3185ecd0fc5ae25c4959bf35a  irssi-0.8.21.tar.xz"
+sha512sums="110934ab85c8574fc76bce367c58378e28603898e63a5014a72170ffe441ffe3dbda432531e899176f5c4126f47d929a3a01a2f87bcacbfe0ba4d6d8cb31e642  irssi-0.8.21.tar.xz"
-- 
2.6.6



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---