Upstream information

CVE-2017-14727 at MITRE

Description

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 1060140 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 42.2
  • weechat >= 1.5-2.6.1
  • weechat-aspell >= 1.5-2.6.1
  • weechat-aspell-debuginfo >= 1.5-2.6.1
  • weechat-debuginfo >= 1.5-2.6.1
  • weechat-debugsource >= 1.5-2.6.1
  • weechat-devel >= 1.5-2.6.1
  • weechat-doc >= 1.5-2.6.1
  • weechat-guile >= 1.5-2.6.1
  • weechat-guile-debuginfo >= 1.5-2.6.1
  • weechat-lang >= 1.5-2.6.1
  • weechat-lua >= 1.5-2.6.1
  • weechat-lua-debuginfo >= 1.5-2.6.1
  • weechat-perl >= 1.5-2.6.1
  • weechat-perl-debuginfo >= 1.5-2.6.1
  • weechat-python >= 1.5-2.6.1
  • weechat-python-debuginfo >= 1.5-2.6.1
  • weechat-ruby >= 1.5-2.6.1
  • weechat-ruby-debuginfo >= 1.5-2.6.1
  • weechat-tcl >= 1.5-2.6.1
  • weechat-tcl-debuginfo >= 1.5-2.6.1
Patchnames:
openSUSE-2017-1111
openSUSE Leap 42.3
  • weechat >= 1.8-3.1
  • weechat-aspell >= 1.8-3.1
  • weechat-aspell-debuginfo >= 1.8-3.1
  • weechat-debuginfo >= 1.8-3.1
  • weechat-debugsource >= 1.8-3.1
  • weechat-devel >= 1.8-3.1
  • weechat-doc >= 1.5-2.6.1
  • weechat-guile >= 1.8-3.1
  • weechat-guile-debuginfo >= 1.8-3.1
  • weechat-lang >= 1.8-3.1
  • weechat-lua >= 1.8-3.1
  • weechat-lua-debuginfo >= 1.8-3.1
  • weechat-perl >= 1.8-3.1
  • weechat-perl-debuginfo >= 1.8-3.1
  • weechat-python >= 1.8-3.1
  • weechat-python-debuginfo >= 1.8-3.1
  • weechat-ruby >= 1.8-3.1
  • weechat-ruby-debuginfo >= 1.8-3.1
  • weechat-tcl >= 1.8-3.1
  • weechat-tcl-debuginfo >= 1.8-3.1
Patchnames:
openSUSE-2017-1111