| Summary: | irssi new security issues upstream in 1.2.3 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, geiger.david68210, jani.valimaa, mageia, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA8-64-OK MGA7-64-OK | ||
| Source RPM: | irssi-1.2.2-3.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2021-05-31 00:05:10 CEST
David Walser
2021-05-31 00:05:25 CEST
CC:
(none) =>
geiger.david68210 fixed in mga7/8
src:
- mga7:
- libnsl-1.3.0-1.mga7
- irssi-1.2.3-1.mga7
- mga8:
- irssi-1.2.3-1.mga8Assignee:
jani.valimaa =>
qa-bugs I think importing libnsl to mga7 is a wrong approach as when mga7 was released libnsl.so was living in glibc-devel. Just remove 'pkgconfig(libnsl)' BR from mga7 irssi. CC:
(none) =>
jani.valimaa yes, libnsl does not belong in Mageia 7 Assigning back to Nicholas as Mageia 7 isn't done. Package list for Mageia 8: irssi-1.2.3-1.mga8 irssi-perl-1.2.3-1.mga8 irssi-devel-1.2.3-1.mga8 irssi-otr-1.2.3-1.mga8 Assignee:
qa-bugs =>
mageia fixing package list as it now builds.
fixed in mga7/8
src:
- mga7:
- irssi-1.2.3-1.mga7
- mga8:
- irssi-1.2.3-1.mga8
Nicolas Lécureuil
2021-06-06 19:21:09 CEST
Assignee:
mageia =>
qa-bugs RPMS for Mageia 7: irssi-1.2.3-1.mga7 irssi-devel-1.2.3-1.mga7 irssi-perl-1.2.3-1.mga7 irssi-otr-1.2.3-1.mga7 The following 6 packages are going to be installed: - irssi-1.2.3-1.mga8.x86_64 - irssi-devel-1.2.3-1.mga8.x86_64 - irssi-otr-1.2.3-1.mga8.x86_64 - irssi-perl-1.2.3-1.mga8.x86_64 - lib64otr5-4.1.1-3.mga8.x86_64 - lib64utf8proc2-2.6.1-1.mga8.x86_64 logged into freenode and #mageia definitely sending commands and seeing transactions. working Whiteboard:
MGA7TOO =>
MGA7TOO MGA8-64-OK MGA7-64 The following 6 packages are going to be installed: - irssi-1.2.3-1.mga7.x86_64 - irssi-devel-1.2.3-1.mga7.x86_64 - irssi-otr-1.2.3-1.mga7.x86_64 - irssi-perl-1.2.3-1.mga7.x86_64 - lib64otr5-4.1.1-2.mga7.x86_64 - lib64utf8proc2-2.3.0-1.mga7.x86_64 visited freenode #mageia working as designed. Whiteboard:
MGA7TOO MGA8-64-OK =>
MGA7TOO MGA8-64-OK MGA7-64-OK Validating. Keywords:
(none) =>
validated_update Advisory: ======================== Updated irssi packages fix security vulnerabilities The irssi packages are updated to irssi 1.2.3 to fix several issues among some security vulnerabilities: * memory handling issues * memory leaks * erroneous free * crashes / freezes * null pointer dereference when receiving broken JOIN record. References: https://bugs.mageia.org/show_bug.cgi?id=29060 https://irssi.org/2021/04/11/irssi-1.2.3-released/ https://irssi.org/NEWS/#v1-2-3 ======================== Updated packages in 7/core/updates_testing: ======================== irssi-1.2.3-1.mga7 irssi-devel-1.2.3-1.mga7 irssi-perl-1.2.3-1.mga7 irssi-otr-1.2.3-1.mga7 from SRPM: irssi-1.2.3-1.mga7.src.rpm ======================== Updated packages in 8/core/updates_testing: ======================== irssi-1.2.3-1.mga8 irssi-perl-1.2.3-1.mga8 irssi-devel-1.2.3-1.mga8 irssi-otr-1.2.3-1.mga8 from SRPM irssi-1.2.3-1.mga8.src.rpm CC:
(none) =>
ouaurelien An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0255.html Status:
NEW =>
RESOLVED |