Bug 29513

Summary: weechat new security issue CVE-2021-40516
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, brtians1, davidwhodgins, mageia, smelror, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: weechat-3.0-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2021-10-01 16:17:01 CEST 
Debian-LTS has issued an advisory on September 30:
https://www.debian.org/lts/security/2021/dla-2770

The issue is fixed upstream in 3.2.1.
David Walser 2021-10-01 16:17:17 CEST

CC: (none) => smelror
Status comment: (none) => Fixed upstream in 3.2.1

Comment 1 Lewis Smith 2021-10-01 20:04:41 CEST 
We have 3.2.1 in Cauldron.
Assigning this to Stig who did that (+ prev & next versions).

Assignee: bugsquad => smelror

Comment 2 Nicolas Lécureuil 2021-10-03 01:28:48 CEST 
fixes in mga8:

src:
    - weechat-3.0-1.1.mga8

CC: (none) => mageia
Assignee: smelror => qa-bugs

Comment 3 David Walser 2021-10-03 01:31:49 CEST 
weechat-perl-3.0-1.1.mga8
weechat-tcl-3.0-1.1.mga8
weechat-guile-3.0-1.1.mga8
weechat-ruby-3.0-1.1.mga8
weechat-python-3.0-1.1.mga8
weechat-lua-3.0-1.1.mga8
weechat-devel-3.0-1.1.mga8
weechat-aspell-3.0-1.1.mga8
weechat-charset-3.0-1.1.mga8
weechat-3.0-1.1.mga8

from weechat-3.0-1.1.mga8.src.rpm

Status comment: Fixed upstream in 3.2.1 => (none)

Comment 4 Brian Rockwell 2021-10-04 02:59:25 CEST 
MGA8-64, Xfce

The following 12 packages are going to be installed:

- guile3.0-runtime-3.0.4-3.mga8.x86_64
- lib64gc1-8.0.4-2.mga8.x86_64
- lib64guile3.0_1-3.0.4-3.mga8.x86_64
- weechat-3.0-1.1.mga8.x86_64
- weechat-aspell-3.0-1.1.mga8.x86_64
- weechat-charset-3.0-1.1.mga8.x86_64
- weechat-guile-3.0-1.1.mga8.x86_64
- weechat-lua-3.0-1.1.mga8.x86_64
- weechat-perl-3.0-1.1.mga8.x86_64
- weechat-python-3.0-1.1.mga8.x86_64
- weechat-ruby-3.0-1.1.mga8.x86_64
- weechat-tcl-3.0-1.1.mga8.x86_64

Connected to libera

chatted

working as designed.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => brtians1

Comment 5 Thomas Andrews 2021-10-04 20:14:26 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2021-10-06 19:38:11 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Mageia Robot 2021-10-06 21:43:26 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0466.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED