A CVE has been assigned for an issue fixed in the buf.pl file shipped with irssi: http://www.openwall.com/lists/oss-security/2016/09/26/4
Fedora has issued an advisory for this on October 10: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3WUJ5QGF7IUNO3MJE76PYJHMHXYMAGNU/
URL: (none) => http://lwn.net/Vulnerabilities/703245/
SRPMS: irssi-0.8.16-4.1.mga5
CC: (none) => mageia
Version: Cauldron => 5
Assignee: cooker => qa-bugs
fixed in mga5 updates
Advisory:
========================

Updated irssi packages fix security vulnerability:

An information disclosure vulnerability was found in the buf.pl core script for irssi. Other users on the same machine may be able to retrieve the whole window contents after /UPGRADE when the buf.pl script is loaded. Furthermore, this dump of the windows contents is never removed afterwards (CVE-2016-7553).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3WUJ5QGF7IUNO3MJE76PYJHMHXYMAGNU/
========================

Updated packages in core/updates_testing:
========================
irssi-0.8.16-4.1.mga5
irssi-perl-0.8.16-4.1.mga5
irssi-devel-0.8.16-4.1.mga5

from irssi-0.8.16-4.1.mga5.src.rpm
New Advisory:
========================

Updated irssi packages fix security vulnerability:

An information disclosure vulnerability was found in the buf.pl core script for irssi. Other users on the same machine may be able to retrieve the whole window contents after /UPGRADE when the buf.pl script is loaded. Furthermore, this dump of the windows contents is never removed afterwards (CVE-2016-7553).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3WUJ5QGF7IUNO3MJE76PYJHMHXYMAGNU/
========================

Updated packages in core/updates_testing:
========================
irssi-0.8.20-1.mga5
irssi-perl-0.8.20-1.mga5
irssi-devel-0.8.20-1.mga5

from irssi-0.8.20.1.mga5.src.rpm
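The two defects the advisory describes, a dump that other local users can read and one that is never deleted, both come down to how a state file is created and cleaned up. The Perl below is an added example, not code from irssi's buf.pl or from this bug report; the file names, helper names and sample line are hypothetical, and it assumes a umask of 022.

```perl
#!/usr/bin/perl
# Added example: not irssi's buf.pl. File and helper names are hypothetical.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Constructed sample standing in for saved window contents.
my $SAMPLE = "12:00 <alice> private line (constructed sample)\n";

# Weak pattern: plain open() creates the file with 0666 & ~umask, so a
# umask of 022 leaves the dump readable by every local user.
sub dump_weak {
    my ($path, $data) = @_;
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} $data;
    close($fh) or die "close $path: $!";
}

# Hardened pattern: exclusive create with mode 0600; fails instead of
# reusing a file that already exists at that path.
sub dump_private {
    my ($path, $data) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "sysopen $path: $!";
    print {$fh} $data;
    close($fh) or die "close $path: $!";
}

# Read the dump back, then delete it so nothing stays on disk.
sub restore_and_remove {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "open $path: $!";
    local $/;                       # slurp the whole file
    my $data = <$fh>;
    close($fh);
    unlink($path) or die "unlink $path: $!";
    return $data;
}

sub mode_of { return sprintf('%04o', (stat($_[0]))[2] & 07777) }

my $dir = tempdir(CLEANUP => 1);
umask(022);                         # assumed default for the demonstration
dump_weak("$dir/weak.dump", $SAMPLE);
dump_private("$dir/private.dump", $SAMPLE);
print "weak:    ", mode_of("$dir/weak.dump"), "\n";
print "private: ", mode_of("$dir/private.dump"), "\n";
restore_and_remove("$dir/private.dump");
print "left after restore: ", (-e "$dir/private.dump" ? "yes" : "no"), "\n";
```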
Installing this on x86_64. Don't really understand the language used so leaving out any specific testing. It is my preferred IRC client so it will be in use for tonight's meeting.
CC: (none) => tarazed25
MGA5-32 on AcerD620 Xfce
No installation issues
irssi launches from CLI and the help command works, leaving the rest to Len to OK.
CC: (none) => herman.viaene
(In reply to Herman Viaene from comment #7)
> MGA5-32 on AcerD620 Xfce
> No installation issues
> irssi launches from CLI and the help command works, leaving the rest to Len
> to OK.

Len is testing 64-bit. Are you able to do like him and use IRSSI, for 32-bit? If not, I will have a go.
CC: (none) => lewyssmith
Launched irssi from the command line and joined #mageia-qa and left again. Leaving it online. Shall validate it after the meeting.
@Lewis: no, I am not familiar at all with irssi, and have not enough time to master it before today's meeting.
Well the policy has been spelled out at the meeting so this can go on to updates.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-64-OK
CC: (none) => sysadmin-bugs
CC: (none) => davidwhodgins
Whiteboard: MGA5-64-OK => MGA5-64-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0384.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED