Candidate: CVE-2017-8073
PublicDate: 2017-04-23 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073
 https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
 https://weechat.org/download/security/
 https://weechat.org/news/95/20170422-Version-1.7.1/
Description:
 WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to
 the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes
 function during quote removal, with a buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861121
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_weechat:
upstream_weechat: released (1.7-3)
precise_weechat: ignored (reached end-of-life)
trusty_weechat: released (0.4.2-3ubuntu0.1)
trusty/esm_weechat: DNE (trusty was released [0.4.2-3ubuntu0.1])
vivid/stable-phone-overlay_weechat: DNE
vivid/ubuntu-core_weechat: DNE
xenial_weechat: released (1.4-2ubuntu0.1)
yakkety_weechat: released (1.5-1ubuntu0.1)
zesty_weechat: released (1.7-2ubuntu0.1)
devel_weechat: released (1.7-3)