security update for weechat
- added weechat-fix-hook_process-shell-injection.patch which fixes
a shell injection vulnerability in the hook_process function
(bnc#790217, CVE-2012-5534)
- added weechat-fix-buffer-overflow-in-irc-color-decoding.patch
which fixes a heap-based overflow when decoding IRC colors in
strings (bnc#789146, CVE-2012-5854)
-
Submitted by
Guido Berhoerster (gberh)
Fixed bugs
bnc#790217
weechat: hook_process script function vulnerable to shell injection
bnc#789146
weechat: heap-based buffer overflow in Weechat below 0.3.9.1
