Bug 23317

Summary: Irssi 0.8.15 Released
Product: Sisyphus Reporter: Sir Raorn <raorn>
Component: irssiAssignee: Vladimir Lettiev <crux>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: enhancement    
Priority: P3 CC: crux
Version: unstable   
Hardware: all   
OS: Linux   
URL: http://irssi.org/news

Description Sir Raorn 2010-04-11 00:26:34 MSD
The Irssi team is pleased to announce the 0.8.15 release of Irssi. It has been quite some time since our last release and there has been various feature enhancements and bugfixes added since then.

This release fixes two security issues: The first being that Irssi didn't check hostname on SSL connections and the other being a hard to exploit remote crash bug.
Comment 1 Repository Robot 2010-04-19 13:43:30 MSD
irssi-0.8.15-alt1 -> sisyphus:

* Mon Apr 19 2010 Vladimir V. Kamarzin <vvk@altlinux> 0.8.15-alt1

- 0.8.15 (Closes: #23317). Security fixes:
  + CVE-2010-1155 (poor verification the hostname of the server when
    using SSL connections)
  + CVE-2010-1156 (A NULL-pointer dereference error in
    src/core/nicklist.c can be exploited to cause a crash)