openSUSE has issued an advisory on September 30:
The issue was fixed upstream in 1.9.1 and in a commit linked from the SUSE bug:
Mageia 5 and Mageia 6 are also affected.
Upgraded cauldron to 1.9.1. Added upstream patch to mga6 to fix the CVE. Working on modifying the patch for mga5 (or finding another distro that has already done so).
Updated package uploaded for cauldron. Patched package uploaded for Mageia 6 and 5.
Patched weechat package fixes security vulnerabilities:
It was discovered that logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized (CVE-2017-14727).
Updated packages in core/updates_testing:
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=20756#c7
MGA6TOO, MGA5TOO =>
Installed and tested without issues.
Tests included connecting to a server, joining a chat room, reading and posting messages, and transferring files.
I don't usually use weechat, so can't say if all is working as expected, but all I tried seemed to work correctly.
System: Mageia 5, x86_64, Intel CPU.
$ uname -a
Linux marte 4.4.89-desktop-1.mga5 #1 SMP Wed Sep 27 16:25:14 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q weechat
Testing on mga6 for x86_64.
Needed a refresher on this one. Installed everything in the list and familiarized myself with the interface and as before joined the Mageia QA channel without a password. Nobody talking, waited a while and left.
Installed the updates and invoked weechat again.
Modified some of the default irc settings after consulting /help and /set irc.*.
Set an alias for chat.freenode.net and connected to freenode then
Posted a couple of messages and left the chatroom.
We should really check out the scripting facilities but I suspect that might require too much involvement.
It all looks perfectly OK.
MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
Advisory from comments 2 + 0.
Validating as it has a good test for each of Mageia 5 & 6.
Closing as Mageia robot failed to do so due to lack of permissions, which has now been fixed.
An update for this issue has been pushed to the Mageia Updates repository.