[Secure-testing-commits] r56917 - data/CVE
Yves-Alexis Perez
corsac at moszumanska.debian.org
Sun Oct 22 15:18:39 UTC 2017
Author: corsac
Date: 2017-10-22 15:18:39 +0000 (Sun, 22 Oct 2017)
New Revision: 56917
Modified:
data/CVE/list
Log:
new CVEs for irssi
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-22 10:53:34 UTC (rev 56916)
+++ data/CVE/list 2017-10-22 15:18:39 UTC (rev 56917)
@@ -131,11 +131,14 @@
RESERVED
CVE-2017-15724
RESERVED
-CVE-2017-15723
+CVE-2017-15723 [Overlong nicks or targets may result in a NULL pointer dereference while splitting the message]
RESERVED
-CVE-2017-15722
+ - irssi <unfixed>
+CVE-2017-15722 [In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string]
RESERVED
-CVE-2017-15721
+ - irssi <unfixed>
+CVE-2017-15721 [Certain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference]
+ - irssi <unfixed>
RESERVED
CVE-2017-15720
RESERVED
@@ -1309,9 +1312,11 @@
RESERVED
CVE-2017-15229
RESERVED
-CVE-2017-15228
+CVE-2017-15228 [When installing themes with unterminated colour formatting sequences, Irssi may access data beyond the end of the string]
RESERVED
-CVE-2017-15227
+ - irssi <unfixed>
+CVE-2017-15227 [While waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on.]
+ - irssi <unfixed>
RESERVED
CVE-2017-15226 (Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ...)
NOT-FOR-US: Zyxel
More information about the Secure-testing-commits
mailing list