Priority Medium Description WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073 https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b https://weechat.org/download/security/ https://weechat.org/news/95/20170422-Version-1.7.1/ Bugs http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861121 Package Source: weechat ( LP Ubuntu Debian ) Upstream: released (1.7-3) Ubuntu 17.10 (Artful Aardvark) : released (1.7-3) Ubuntu 12.04 LTS (Precise Pangolin) : ignored (reached end-of-life) Ubuntu 14.04 LTS (Trusty Tahr) : released (0.4.2-3ubuntu0.1) Ubuntu Touch 15.04: DNE Ubuntu Core 15.04: DNE Ubuntu 16.04 LTS (Xenial Xerus) : rel...