PublicDateAtUSN: 2018-01-06
Candidate: CVE-2018-5208
PublicDate: 2018-01-06 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
 https://irssi.org/security/irssi_sa_2018_01.txt
 https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 https://ubuntu.com/security/notices/USN-3527-1
Description:
 In Irssi before 1.0.6, a calculation error in the completion code could
 cause a heap buffer overflow when completing certain strings.
Ubuntu-Description:
Notes:
 ratliff> GL#19, GL!27
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886475
Priority: medium
Discovered-by: Joseph Bisch
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_irssi:
 upstream: https://github.com/irssi/irssi/commit/94f0cbe34a2089d00ba1bf61e9c2b28318f953b9
upstream_irssi: needs-triage
precise/esm_irssi: DNE
trusty_irssi: released (0.8.15-5ubuntu3.4)
trusty/esm_irssi: DNE (trusty was released [0.8.15-5ubuntu3.4])
xenial_irssi: released (0.8.19-1ubuntu1.6)
esm-infra/xenial_irssi: released (0.8.19-1ubuntu1.6)
zesty_irssi: released (0.8.20-2ubuntu2.3)
artful_irssi: released (1.0.4-1ubuntu2.2)
devel_irssi: released (1.0.5-1ubuntu2)