Bug 24207

Summary: irssi new security issue CVE-2019-5882
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, jani.valimaa, sysadmin-bugs, tarazed25
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-64-OK
Source RPM: irssi-1.0.7-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2019-01-19 17:09:48 CET 
Ubuntu has issued an advisory on January 17:
https://usn.ubuntu.com/3862-1/

The CVE description says only 1.1.x is affected, but Ubuntu says otherwise.
David Walser 2019-02-02 20:05:54 CET

Version: Cauldron => 6

Comment 1 David Walser 2019-02-19 18:16:40 CET 
Patched package uploaded for Mageia 6 by Jani.

Advisory:
========================

Updated irssi packages fix security vulnerability:

It was discovered that Irssi incorrectly handled certain inputs. An attacker
could possibly use this issue to cause a denial of service or to execute
arbitrary code (CVE-2018-5882).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5882
https://usn.ubuntu.com/3862-1/
========================

Updated packages in core/updates_testing:
========================
irssi-1.0.7-1.1.mga6
irssi-devel-1.0.7-1.1.mga6
irssi-perl-1.0.7-1.1.mga6

from irssi-1.0.7-1.1.mga6.src.rpm

CC: (none) => jani.valimaa
Assignee: jani.valimaa => qa-bugs

Comment 2 Len Lawrence 2019-02-20 01:43:25 CET 
mga6, x86_64

The packages updated cleanly.  Launched irssi from the command line, relying on the personal configuration file.  No problems apparent.  Joined #mageia-meeting.
Not much going on there of course.  Signed out OK.
 
Looks good for 64-bits.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25

Dave Hodgins 2019-02-20 20:27:54 CET

Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2019-02-20 21:58:39 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0091.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 Zero King 2019-03-02 03:39:21 CET 
The CVE is CVE-2019-5882, not CVE-2018-5882.
Comment 5 David Walser 2019-03-02 03:41:50 CET 
Thanks.  I fixed the advisory in SVN, so the one on the wiki should get fixed the next time updates are pushed.

Summary: irssi new security issue CVE-2018-5882 => irssi new security issue CVE-2019-5882