From 7d0dbe51bc2e1fc7632d7e0b3e4034aa35e32c4e Mon Sep 17 00:00:00 2001 From: Huzaifa Sidhpurwala Date: Tue, 23 Jun 2009 10:47:21 +0000 Subject: [PATCH] Resolve CVE-2009-1959 --- irssi-CVE-2009-1959.patch | 11 +++++++++++ irssi.spec | 9 ++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 irssi-CVE-2009-1959.patch diff --git a/irssi-CVE-2009-1959.patch b/irssi-CVE-2009-1959.patch new file mode 100644 index 0000000..1d67d32 --- /dev/null +++ b/irssi-CVE-2009-1959.patch @@ -0,0 +1,11 @@ +--- irssi-0.8.13/src/fe-common/irc/fe-events.c 2008/11/09 23:06:37 4889 ++++ irssi-0.8.13/src/fe-common/irc/fe-events.c 2009/05/15 11:54:33 5068 +@@ -298,7 +298,7 @@ + + tmp = g_strdup(data+8); + len = strlen(tmp); +- if (tmp[len-1] == 1) tmp[len-1] = '\0'; ++ if (len >= 1 && tmp[len-1] == 1) tmp[len-1] = '\0'; + printformat(server, NULL, MSGLEVEL_WALLOPS, IRCTXT_ACTION_WALLOPS, nick, tmp); + g_free(tmp); + } diff --git a/irssi.spec b/irssi.spec index b552195..5c06bdb 100644 --- a/irssi.spec +++ b/irssi.spec @@ -3,14 +3,14 @@ Summary: Modular text mode IRC client with Perl scripting Name: irssi Version: 0.8.13 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: Applications/Communications URL: http://irssi.org/ Source0: http://irssi.org/files/irssi-%{version}.tar.gz Source1: irssi-config.h - +Patch0: irssi-CVE-2009-1959.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot BuildRequires: ncurses-devel openssl-devel zlib-devel BuildRequires: pkgconfig glib2-devel perl-devel perl(ExtUtils::Embed) @@ -36,7 +36,7 @@ being maintained. %prep %setup -q -n %{name}-%{version} - +%patch0 -p1 %build %configure --enable-ipv6 --with-textui \ --with-proxy \ @@ -85,6 +85,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Jun 23 2009 Huzaifa Sidhpurwala - 0.8.13-2 +- Resolve CVE-2009-1959 + * Fri May 1 2009 Marek Mahut - 0.8.13-1 - Upstream release