[Weechat-security] Security vulnerability fixed in WeeChat 1.9.1

weechat-security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Weechat-security] Security vulnerability fixed in WeeChat 1.9.1

From:	Sébastien Helleu
Subject:	[Weechat-security] Security vulnerability fixed in WeeChat 1.9.1
Date:	Sat, 23 Sep 2017 15:13:59 +0200
User-agent:	Mutt/1.5.23 (2014-03-12)

Hi all,

Date/time conversion specifiers are expanded after replacing buffer local
variables in name of log files.  In some cases, this can lead to an error in
function strftime and a crash caused by the use of an uninitialized buffer.

This has been fixed in WeeChat 1.9.1, which was released a few hours ago.

This vulnerability affects WeeChat versions from 0.3.2 to 1.9.

Thanks to Joseph Bisch for reporting the problem.

For more info and a workaround, please visit the WeeChat security page:
https://weechat.org/download/security/

-- 
Sébastien Helleu

web: weechat.org / flashtux.org
irc: FlashCode @ irc.freenode.net

[Prev in Thread]

Current Thread

[Next in Thread]

[Weechat-security] Security vulnerability fixed in WeeChat 1.9.1, Sébastien Helleu <=

Index(es):
- Date
- Thread