Upstream has issued an advisory on February 15:
https://irssi.org/security/irssi_sa_2018_02.txt

The issues are fixed upstream in 1.0.7 and 1.1.1.

Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Status comment: (none) => Fixed upstream in 1.0.7 and 1.1.1
Updated packages uploaded by Jani. Thanks Jani!

Advisory:
========================

Updated irssi packages fix security vulnerabilities:

Null pointer dereference when an "empty" nick has been observed by Irssi (CVE-2018-7050).

Certain nick names could result in out of bounds access when printing theme strings (CVE-2018-7051).

When the number of windows exceeds the available space, Irssi would crash due to Null pointer dereference (CVE-2018-7052).

Use after free when SASL messages are received in unexpected order (CVE-2018-7053).

Use after free when server is disconnected during netsplits (CVE-2018-7054).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054
https://irssi.org/security/irssi_sa_2018_02.txt
========================

Updated packages in core/updates_testing:
========================
irssi-1.0.7-1.mga6
irssi-devel-1.0.7-1.mga6
irssi-perl-1.0.7-1.mga6

from irssi-1.0.7-1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Assignee: jani.valimaa => qa-bugs
Status comment: Fixed upstream in 1.0.7 and 1.1.1 => (none)
CC: (none) => jani.valimaa
Mageia 6 :: x86_64

Use this habitually so there was a local config file available. Invoked irssi on the command-line and joined #mageia-qa. Nobody talking. Placed a couple of messages then /part. Explored some of the commands using the help system. It all looks fine.
Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0132.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
CC: (none) => tmb