Resolve CVE-2009-1959

irssi-CVE-2009-1959.patch

@@ -0,0 +1,11 @@
+--- irssi-0.8.13/src/fe-common/irc/fe-events.c	2008/11/09 23:06:37	4889
++++ irssi-0.8.13/src/fe-common/irc/fe-events.c	2009/05/15 11:54:33	5068
+@@ -298,7 +298,7 @@
+ 
+ 		tmp = g_strdup(data+8);
+ 		len = strlen(tmp);
+-		if (tmp[len-1] == 1) tmp[len-1] = '\0';
++		if (len >= 1 && tmp[len-1] == 1) tmp[len-1] = '\0';
+ 		printformat(server, NULL, MSGLEVEL_WALLOPS, IRCTXT_ACTION_WALLOPS, nick, tmp);
+ 		g_free(tmp);
+ 	}

irssi.spec

@@ -3,14 +3,14 @@
 Summary:	Modular text mode IRC client with Perl scripting
 Name:		irssi
 Version:	0.8.13
-Release:	1%{?dist}
+Release:	2%{?dist}
 
 License:	GPLv2+
 Group:		Applications/Communications
 URL:		http://irssi.org/
 Source0:	http://irssi.org/files/irssi-%{version}.tar.gz
 Source1:	irssi-config.h
-
+Patch0:		irssi-CVE-2009-1959.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires:	ncurses-devel openssl-devel zlib-devel 
 BuildRequires:	pkgconfig glib2-devel perl-devel perl(ExtUtils::Embed)
@@ -36,7 +36,7 @@ being maintained.
 
 %prep
 %setup -q -n %{name}-%{version}
-
+%patch0 -p1
 %build
 %configure --enable-ipv6 --with-textui	\
 	--with-proxy			\
@@ -85,6 +85,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Tue Jun 23 2009 Huzaifa Sidhpurwala <huzaifas@redhat.com> - 0.8.13-2
+- Resolve CVE-2009-1959
+
 * Fri May  1 2009 Marek Mahut <mmahut@fedoraproject.org> - 0.8.13-1
 - Upstream release