FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 81433129-2916-11e7-ad3e-00e04c1ea73d
Description: weechat -- multiple vulnerabilities

Common Vulnerabilities and Exposures:

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.


Discovery 2017-04-23
Entry 2017-04-24
weechat < 1.7.1

https://weechat.org/download/security/
CVE-2017-8073

VuXML ID: b63421b6-a1e0-11e7-ac58-b499baebfeaf
Description: weechat -- crash in logger plugin

WeeChat reports:

security problem: a crash can happen in logger plugin when converting date/time specifiers in file mask.


Discovery 2017-09-23
Entry 2017-09-25
weechat < 1.9.1

https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
CVE-2017-14727

VuXML ID: 65f05b71-0e3c-11ec-b335-d4c9ef517024
Description: WeeChat -- Crash when decoding a malformed websocket frame in relay plugin.

The WeeChat project reports:

Crash when decoding a malformed websocket frame in relay plugin.


Discovery 2021-09-04
Entry 2021-09-05
weechat < 3.2.1

https://weechat.org/doc/security/
https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b

VuXML ID: 8e3f1812-54d9-11ea-8d49-d4c9ef517024
Description: WeeChat -- Multiple vulnerabilities

The WeeChat project reports:

Buffer overflow when receiving a malformed IRC message 324 (channel mode). (CVE-2020-8955)

Buffer overflow when a new IRC message 005 is received with longer nick prefixes.

Crash when receiving a malformed IRC message 352 (WHO).


Discovery 2020-02-20
Entry 2020-02-21
weechat < 2.7.1

https://weechat.org/doc/security/
CVE-2020-8955

VuXML ID: e02c572f-2af0-11e2-bb44-003067b2972c
Description: weechat -- Crash or freeze when decoding IRC colors in strings

Sebastien Helleu reports:

A buffer overflow is causing a crash or freeze of WeeChat when decoding IRC colors in strings.

Workaround for a non-patched version: /set irc.network.colors_receive off


Discovery 2012-11-09
Entry 2012-11-10
Modified 2012-11-13
weechat >= 0.3.6, < 0.3.9.1
weechat-devel >= 20110614, < 20121110

CVE-2012-5854
ports/173513
http://weechat.org/security/
https://savannah.nongnu.org/bugs/?37704

VuXML ID: 81826d12-317a-11e2-9186-406186f3d89d
Description: weechat -- Arbitrary shell command execution via scripts

Sebastien Helleu reports:

Untrusted command for function hook_process could lead to execution of commands, because of shell expansions.

Workaround with a non-patched version: remove/unload all scripts calling function hook_process (for maximum safety).


Discovery 2012-11-15
Entry 2012-11-18
Modified 2012-11-18
weechat >= 0.3.0, < 0.3.9.2
weechat-devel < 20121118

http://weechat.org/security/
https://savannah.nongnu.org/bugs/?37764

VuXML ID: 3ba1ca94-a563-11ec-8be6-d4c9ef517024
Description: Weechat -- Possible man-in-the-middle attack in TLS connection to servers

The Weechat project reports:

After changing the options weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user, the TLS verification function is lost. Consequently, any connection to a server with TLS is made without verifying the certificate, which could lead to a man-in-the-middle attack. Connection to IRC servers with TLS is affected, as well as any connection to a server made by a plugin or a script using the function hook_connect.


Discovery 2022-03-13
Entry 2022-03-16
weechat < 3.4.1

https://weechat.org/doc/security/WSA-2022-1/