X-Original-To: alpine-aports@lists.alpinelinux.org
Received: from mail-lf0-f67.google.com (mail-lf0-f67.google.com [209.85.215.67])
	by lists.alpinelinux.org (Postfix) with ESMTP id 2B9E65C4769
	for <alpine-aports@lists.alpinelinux.org>; Wed, 18 Jan 2017 11:22:28 +0000 (GMT)
Received: by mail-lf0-f67.google.com with SMTP id v186so1306481lfa.2
        for <alpine-aports@lists.alpinelinux.org>; Wed, 18 Jan 2017 03:22:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=ho9X5aqQayZuysX8lTZSKKNN27nhM0sPNZXTffSzzNU=;
        b=W/j0bxOMBH7U68qbM9ok8LhiqmyaIFW8Z7/ULNx/3+q2rT3Os2/VsEQOICd2eVkWeF
         Doh7eSLcjJpitIvirWRLHMMZtrrOOBiUqh3gNHGDwB652GeeRmxYI7TIzI/hDXjWELio
         Cce/2Gd0pBgzqzVLMTdYv4QmJsoWOdGnP11di1EVMJQUStFBP1H7F7dWcwWfrXxfq+9l
         lhZWmGNpIz6GuYPVaXiURwgEuOZMqUHyAFZgrEIWhQMc6MHZZ+CuihGHxOObdTCRCP2r
         PdIhSF5lC83e2qUmfmk+ySpFyISIC4yjoAkwvZzl6nlqUmCLmgHgggFJb1inLKEjR9DS
         t6IQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=ho9X5aqQayZuysX8lTZSKKNN27nhM0sPNZXTffSzzNU=;
        b=mHJKiJZd506Iji0rViWR8ZELt/CGjf250F2vRHsXDhz5fUdtwVinzhaCHDsSommuSt
         foQ5ELu94gH98W/+M4T2hpXNOkeaCxFsoKXoCyH7TYNU5YpsP18VQ4+YeKHp+HByKIQs
         BPGvkJCiyM67It3NsKgiLKkNDi8aqF0SApY7WIfMDhjahjUDRCYJmVcHSkKCEVrCNzLx
         CCgNfDP2Kj0aiZs+i3B1lYElWW1mueAOnL6WGADZW4lDfIDS34SV1aL+NGGP2q3kB8Yt
         boVbIEcwdhAM3sMJWB+/i1B9HVOq+HxtLi00tRjWn70SnkoFVN0GjPUd0pi7rErd2bqD
         qzIA==
X-Gm-Message-State: AIkVDXLbNeRDOPdw0KnmnzvGG72ZVnJHoQLOi3ppFysxz+i7rkX5fn3oL5i6CQAzlVJ/+A==
X-Received: by 10.25.68.1 with SMTP id r1mr122515lfa.86.1484738547118;
        Wed, 18 Jan 2017 03:22:27 -0800 (PST)
Received: from v3-2.util.wtbts.net ([83.145.235.199])
        by smtp.gmail.com with ESMTPSA id v9sm10245816lja.0.2017.01.18.03.22.26
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Wed, 18 Jan 2017 03:22:26 -0800 (PST)
From: Sergei Lukin <sergej.lukin@gmail.com>
To: alpine-aports@lists.alpinelinux.org
Cc: Sergei Lukin <sergej.lukin@gmail.com>
Subject: [alpine-aports] [PATCH v3.2] main/irssi: security upgrade to 0.8.21 - fixes #6694
Date: Wed, 18 Jan 2017 11:22:20 +0000
Message-Id: <1484738540-7453-1-git-send-email-sergej.lukin@gmail.com>
X-Mailer: git-send-email 2.4.11
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development <alpine-aports.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-aports+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-aports@lists.alpinelinux.org>
List-Help: <mailto:alpine-aports+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-aports+subscribe@lists.alpinelinux.org?subject=subscribe>

CVE-2017-5193: A NULL pointer dereference in the nickcmp function.
CVE-2017-5194: Use after free when receiving invalid nick message.
CVE-2017-5356: Out of bounds read when Printing the value.
CVE-2017-5195: Out of bounds read in certain incomplete control codes.
CVE-2017-5196: Out of bounds read in certain incomplete character sequences.
---
This release fixes four remote crash issues in older Irssi releases.
There are no new features compared to 0.8.20
https://irssi.org/2017/01/05/irssi-0.8.21-released

main/irssi/APKBUILD | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/main/irssi/APKBUILD b/main/irssi/APKBUILD
index 4b01468..310c469 100644
--- a/main/irssi/APKBUILD
+++ b/main/irssi/APKBUILD
@@ -1,6 +1,7 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Maintainer: Kiyoshi Aman <kiyoshi.aman at gmail.com>
 pkgname=irssi
-pkgver=0.8.20
+pkgver=0.8.21
 pkgrel=0
 pkgdesc="A modular textUI IRC client with IPv6 support"
 url="http://irssi.org/"
@@ -12,6 +13,12 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-proxy $pkgname-perl"
 source="https://github.com/irssi/irssi/releases/download/$pkgver/irssi-$pkgver.tar.xz"
 
 # secfixes:
+#   0.8.21-r0:
+#   - CVE-2017-5193
+#   - CVE-2017-5194
+#   - CVE-2017-5356
+#   - CVE-2017-5195
+#   - CVE-2017-5196
 #   0.8.20-r0:
 #   - CVE-2016-7044
 #   - CVE-2016-7045
@@ -73,6 +80,6 @@ proxy() {
 	mv "$pkgdir"/usr/lib/irssi/modules/libirc_proxy.* "$subpkgdir"/usr/lib/irssi/modules/
 }
 
-md5sums="67d48c5feec2d3b949d088aa4abc3601  irssi-0.8.20.tar.xz"
-sha256sums="7882c4e821f5aac469c5e69e69d7e235f4986101285c675e81a9a95bfb20505a  irssi-0.8.20.tar.xz"
-sha512sums="ace39022a3e7461fc33cbd0e8c6635aa84c67fc4f6364b66747f860a4538a4b17bbd677e342fbfa9ae7e97783745f8d7dab350a27330ce14f1702386231296b1  irssi-0.8.20.tar.xz"
+md5sums="b820760c3b4f3b0c24abe4db82b6366a  irssi-0.8.21.tar.xz"
+sha256sums="e433063b8714dcf17438126902c9a9d5c97944b3185ecd0fc5ae25c4959bf35a  irssi-0.8.21.tar.xz"
+sha512sums="110934ab85c8574fc76bce367c58378e28603898e63a5014a72170ffe441ffe3dbda432531e899176f5c4126f47d929a3a01a2f87bcacbfe0ba4d6d8cb31e642  irssi-0.8.21.tar.xz"
-- 
2.4.11



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---