[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Weechat-security] Security vulnerability fixed in WeeChat 1.9.1
From: |
Sébastien Helleu |
Subject: |
[Weechat-security] Security vulnerability fixed in WeeChat 1.9.1 |
Date: |
Sat, 23 Sep 2017 15:13:59 +0200 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
Hi all,
Date/time conversion specifiers are expanded after replacing buffer local
variables in name of log files. In some cases, this can lead to an error in
function strftime and a crash caused by the use of an uninitialized buffer.
This has been fixed in WeeChat 1.9.1, which was released a few hours ago.
This vulnerability affects WeeChat versions from 0.3.2 to 1.9.
Thanks to Joseph Bisch for reporting the problem.
For more info and a workaround, please visit the WeeChat security page:
https://weechat.org/download/security/
--
Sébastien Helleu
web: weechat.org / flashtux.org
irc: FlashCode @ irc.freenode.net
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Weechat-security] Security vulnerability fixed in WeeChat 1.9.1,
Sébastien Helleu <=