Security update for weechat SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1150-1 Final 1 1 2017-05-02T14:10:45Z current 2017-05-02T14:10:45Z 2017-05-02T14:10:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for weechat This update for weechat fixes one security issues: - CVE-2017-8073: WeeChat allowed a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow (bsc#1036467). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-05/msg00005.html E-Mail link for openSUSE-SU-2017:1150-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 weechat-1.5-2.3.1 weechat-aspell-1.5-2.3.1 weechat-devel-1.5-2.3.1 weechat-doc-1.5-2.3.1 weechat-guile-1.5-2.3.1 weechat-lang-1.5-2.3.1 weechat-lua-1.5-2.3.1 weechat-perl-1.5-2.3.1 weechat-python-1.5-2.3.1 weechat-ruby-1.5-2.3.1 weechat-tcl-1.5-2.3.1 weechat-1.5-2.3.1 as a component of openSUSE Leap 42.2 weechat-aspell-1.5-2.3.1 as a component of openSUSE Leap 42.2 weechat-devel-1.5-2.3.1 as a component of openSUSE Leap 42.2 weechat-doc-1.5-2.3.1 as a component of openSUSE Leap 42.2 weechat-guile-1.5-2.3.1 as a component of openSUSE Leap 42.2 weechat-lang-1.5-2.3.1 as a component of openSUSE Leap 42.2 weechat-lua-1.5-2.3.1 as a component of openSUSE Leap 42.2 weechat-perl-1.5-2.3.1 as a component of openSUSE Leap 42.2 weechat-python-1.5-2.3.1 as a component of openSUSE Leap 42.2 weechat-ruby-1.5-2.3.1 as a component of openSUSE Leap 42.2 weechat-tcl-1.5-2.3.1 as a component of openSUSE Leap 42.2 WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow. CVE-2017-8073 openSUSE Leap 42.2:weechat-1.5-2.3.1 openSUSE Leap 42.2:weechat-aspell-1.5-2.3.1 openSUSE Leap 42.2:weechat-devel-1.5-2.3.1 openSUSE Leap 42.2:weechat-doc-1.5-2.3.1 openSUSE Leap 42.2:weechat-guile-1.5-2.3.1 openSUSE Leap 42.2:weechat-lang-1.5-2.3.1 openSUSE Leap 42.2:weechat-lua-1.5-2.3.1 openSUSE Leap 42.2:weechat-perl-1.5-2.3.1 openSUSE Leap 42.2:weechat-python-1.5-2.3.1 openSUSE Leap 42.2:weechat-ruby-1.5-2.3.1 openSUSE Leap 42.2:weechat-tcl-1.5-2.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00005.html https://www.suse.com/security/cve/CVE-2017-8073.html CVE-2017-8073 https://bugzilla.suse.com/1036467 SUSE Bug 1036467