oss-security - CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Sat, 10 Nov 2012 07:29:07 -0500 (EST)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Sebastien Helleu <flashcode@...shtux.org>
Subject: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer
 overflow when decoding IRC colors in strings

Hello Kurt, Steve, vendors,

  WeeChat upstream has released 0.3.9.1 version, correcting
one (heap-based) buffer overflow flaw.

References:
[1] http://weechat.org/
[2] http://weechat.org/security/
[3] https://savannah.nongnu.org/bugs/?37704
[4] https://bugzilla.redhat.com/show_bug.cgi?id=875181

Relevant upstream patch:
[5] http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff;h=9453e81baa7935db82a0b765a47cba772aba730d

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.