PublicDateAtUSN: 2018-01-06
Candidate: CVE-2018-5205
PublicDate: 2018-01-06 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
 https://irssi.org/security/irssi_sa_2018_01.txt
 https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 https://ubuntu.com/security/notices/USN-3527-1
Description:
 When using incomplete escape codes, Irssi before 1.0.6 may access data
 beyond the end of the string.
Ubuntu-Description:
Notes:
 ratliff> GL#21, GL!26
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886475
Priority: medium
Discovered-by: Joseph Bisch
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_irssi:
 upstream: https://github.com/irssi/irssi/commit/f5c3995feaf70b06225f6af4a126ba33adcd4f6c
upstream_irssi: needs-triage
precise/esm_irssi: DNE
trusty_irssi: released (0.8.15-5ubuntu3.4)
trusty/esm_irssi: DNE (trusty was released [0.8.15-5ubuntu3.4])
xenial_irssi: released (0.8.19-1ubuntu1.6)
esm-infra/xenial_irssi: released (0.8.19-1ubuntu1.6)
zesty_irssi: released (0.8.20-2ubuntu2.3)
artful_irssi: released (1.0.4-1ubuntu2.2)
devel_irssi: released (1.0.5-1ubuntu2)