Candidate: CVE-2017-14727
PublicDate: 2017-09-23 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14727
 https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
 https://weechat.org/download/security/
 https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
Description:
 logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via
 strftime date/time specifiers, because a buffer is not initialized.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876553
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_weechat:
upstream_weechat: released (1.9.1-1)
precise/esm_weechat: DNE
trusty_weechat: ignored (reached end-of-life)
trusty/esm_weechat: DNE (trusty was needed)
vivid/ubuntu-core_weechat: DNE
xenial_weechat: ignored (end of standard support, was needed)
zesty_weechat: ignored (reached end-of-life)
artful_weechat: ignored (reached end-of-life)
bionic_weechat: not-affected (1.9.1-1ubuntu1)
cosmic_weechat: not-affected (1.9.1-1ubuntu1)
disco_weechat: not-affected (1.9.1-1ubuntu1)
eoan_weechat: not-affected (1.9.1-1ubuntu1)
focal_weechat: not-affected (1.9.1-1ubuntu1)
groovy_weechat: not-affected (1.9.1-1ubuntu1)
hirsute_weechat: not-affected (1.9.1-1ubuntu1)
impish_weechat: not-affected (1.9.1-1ubuntu1)
jammy_weechat: not-affected (1.9.1-1ubuntu1)
devel_weechat: not-affected (1.9.1-1ubuntu1)