Irssi 1.0.4 Released

Posted on July 7^th 2017

Irssi 1.0.4 has been released. This release fixes two remote crash issues in Irssi as well as a few bugs, correcting a mistake that was introduced in 1.0.3 while parsing some time-related settings. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.

Our bug reporter Brian 'geeknik' Carpenter writes:

34 days after reading Fuzzing Irssi, my AFL instance was finally able to trigger a null pointer dereference in irssi 1.0.2. [...] Hopefully this one isn't fixed yet.

35 days after reading Fuzzing Irssi, my AFL instance triggered a heap-use-after-free in irssi 1.0.2. Compiled on Debian 8 x64 following the instructions and patches of the referenced article. (;

For more information refer to the security advisory.

Thanks, Brian!

This release can be downloaded from our releases page. Binary test packages for various Linux distributions are automatically generated by the openSUSE Build Service and are available for download in the irssi-test repository.

Please check with your distro whether they provide officially updated packages.

We currently do not have any alternate advice.

The Irssi Team.