PublicDateAtUSN: 2017-06-06
Candidate: CVE-2017-9469
PublicDate: 2017-06-07 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469
 https://irssi.org/security/irssi_sa_2017_06.txt
 http://openwall.com/lists/oss-security/2017/06/06/4
 https://ubuntu.com/security/notices/USN-3317-1
Description:
 In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files,
 it tries to find the terminating quote one byte before the allocated
 memory. Thus, remote attackers might be able to cause a crash.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Joseph Bisch
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_irssi:
 upstream: https://github.com/irssi/irssi/commit/30a92754bb650c3dedd507d41110443142899a65
upstream_irssi: needs-triage
precise/esm_irssi: DNE
trusty_irssi: released (0.8.15-5ubuntu3.2)
trusty/esm_irssi: DNE (trusty was released [0.8.15-5ubuntu3.2])
vivid/stable-phone-overlay_irssi: DNE
vivid/ubuntu-core_irssi: DNE
xenial_irssi: released (0.8.19-1ubuntu1.4)
esm-infra/xenial_irssi: released (0.8.19-1ubuntu1.4)
yakkety_irssi: released (0.8.19-1ubuntu2.2)
zesty_irssi: released (0.8.20-2ubuntu2.1)
devel_irssi: released (1.0.3-1ubuntu1)