Debian
irssi package

Change logs for irssi source package in Buster

  1. Buster (10)
  2. Change log 
  • irssi (1.2.0-2+deb10u1) buster; urgency=medium

  * Import upstream security fix for CVE-2019-13045 (closes: #931264)

 -- Rhonda D'Vine <email address hidden>  Thu, 29 Jul 2021 14:11:39 +0200
  • irssi (1.2.0-2) unstable; urgency=medium

  [ Rhonda D'Vine ]
  * Install otr help file also in irssi-plugin-otr package (closes: #922145)
  * Add NEWS.Debian entry about the upgrade path for the stored OTR data.
  * New patch 99fix-big-endian-64bit-test pulled from upstream.

  [ Unit 193 ]
  * Remove the now-empty dh_strip override.

 -- Rhonda D'Vine <email address hidden>  Tue, 12 Feb 2019 21:59:00 +0100
  • irssi (1.1.2-1) unstable; urgency=high

  [ Daniel Kahn Gillmor ]
  * irssi Provides: irssi-abi-XXX for safer plugin packaging (Closes: #811445)

  [ Rhonda D'Vine ]
  * Bump Standards-Version to 4.2.1.
  * New upstream bugfix release, fixing CVE-2019-5882 (closes: #918865)

 -- Rhonda D'Vine <email address hidden>  Fri, 21 Sep 2018 16:57:51 +0200
  • irssi (1.1.1-1) unstable; urgency=medium

  [ Rhonda D'Vine ]
  * New upstream release.
  * Uploaded from mIRC.
  * Adjust 03firsttimer_text patch for new location of the text.
  * Update copyright format URL to use https.
  * Install example scripts.
  * Bump Standards-Version to 4.1.4.
  * Move repository to salsa, update Vcs-* URLs.

  [ Unit 193 ]
  * Use https for upstream homepage.
  * /connect OFTC instead of irc.debian.org to get an ssl connection.

 -- Rhonda D'Vine <email address hidden>  Wed, 25 Jul 2018 10:09:40 +0800
  • irssi (1.0.7-1) unstable; urgency=high

  * New upstream bugfix release (closes: #886475):
    From 1.0.6:
    - Fix invalid memory access when reading hilight configuration
      (#787, #788).
    - Fix null pointer dereference when the channel topic is set
      without specifying a sender [CVE-2018-5206]
    - Fix return of random memory when using incomplete escape
      codes [CVE-2018-5205]
    - Fix heap buffer overflow when completing certain strings
      [CVE-2018-5208]
    - Fix return of random memory when using an incomplete
      variable argument [CVE-2018-5207]

    From 1.0.7:
    - Prevent use after free error during the execution of some
      commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
    - Revert netsplit print optimisation due to crashes
    - Fix use after free when SASL messages are received in
      unexpected order [CVE-2018-7053] (closes: #890675)
    - Fix null pointer dereference in the tab completion when an
      empty nick is joined [CVE-2018-7050] (closes: #890678)
    - Fix use after free when entering oper password
    - Fix null pointer dereference when too many windows are
      opened [CVE-2018-7052] (closes: #890676)
    - Fix out of bounds access in theme strings when the last
      escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
      (closes: #890677)
    - Fix out of bounds write when using negative counts on window
      resize
    - Minor help correction. By William Jackson

  * Fix watch URL.
  * Bump to debhelper compat 11, remove autotools-dev Build-Depends.
  * Bump Standards-Version to 4.1.3.
  * Add lintian overrides for the spelling of "hilight" in the changelog
    mentioning the lintian overrides for the spelling of "hilight" in irssi
    itself.

 -- Rhonda D'Vine <email address hidden>  Tue, 06 Mar 2018 14:42:44 +0100
  • irssi (1.0.5-1) unstable; urgency=high

  * New upstream bugfix release (closes: #879521):
    - Fix missing -sasl_method '' in /NETWORK.
    - Fix incorrect restoration of term state when hitting SUSP
      inside screen.
    - Fix out of bounds read when compressing colour
      sequences. Found by Hanno Böck. [CVE-2017-15228]
    - Fix use after free condition during a race condition when
      waiting on channel sync during a rejoin [CVE-2017-15227]
    - Fix null pointer dereference when parsing certain malformed
      CTCP DCC messages. [CVE-2017-15721]
    - Fix crash due to null pointer dereference when failing to
      split messages due to overlong nick or target. [CVE-2017-15723]
    - Fix out of bounds read when trying to skip a safe channel ID
      without verifying that the ID is long enough. [CVE-2017-15722]
    - Fix return of random memory when inet_ntop failed.
    - Minor statusbar help update.
  * Remove deprecated --with autotools_dev call to dh.
  * Bump Standards-Version to 4.1.1.
  * Change priority of irssi-dev from deprecated extra to optional.
  * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
    directly.

 -- Rhonda D'Vine <email address hidden>  Mon, 06 Nov 2017 16:24:38 +0100
  • irssi (1.0.4-1) unstable; urgency=high

  * New upstream bugfix release (closes: #867598):
    - Fix null pointer dereference when parsing invalid timestamp.
      Reported by Brian 'geeknik' Carpenter. [CVE-2017-10965]
    - Fix use-after-free condition when removing nicks from the internal
      nicklist. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10966]
    - Fix incorrect string comparison in DCC file names.
    - Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'".
    - Fix a bug when using \n to separate lines with expand_escapes.
    - Retain screen output on improper exit, to better see any error
      messages.
    - Minor help update.

 -- Rhonda D'Vine <email address hidden>  Tue, 11 Jul 2017 07:17:19 +0200