Bug 24207 - irssi new security issue CVE-2019-5882
Summary: irssi new security issue CVE-2019-5882
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-01-19 17:09 CET by David Walser
Modified: 2019-03-02 03:41 CET (History)
4 users (show)

See Also:
Source RPM: irssi-1.0.7-1.mga6.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2019-01-19 17:09:48 CET
Ubuntu has issued an advisory on January 17:
https://usn.ubuntu.com/3862-1/

The CVE description says only 1.1.x is affected, but Ubuntu says otherwise.
David Walser 2019-02-02 20:05:54 CET

Version: Cauldron => 6

Comment 1 David Walser 2019-02-19 18:16:40 CET
Patched package uploaded for Mageia 6 by Jani.

Advisory:
========================

Updated irssi packages fix security vulnerability:

It was discovered that Irssi incorrectly handled certain inputs. An attacker
could possibly use this issue to cause a denial of service or to execute
arbitrary code (CVE-2018-5882).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5882
https://usn.ubuntu.com/3862-1/
========================

Updated packages in core/updates_testing:
========================
irssi-1.0.7-1.1.mga6
irssi-devel-1.0.7-1.1.mga6
irssi-perl-1.0.7-1.1.mga6

from irssi-1.0.7-1.1.mga6.src.rpm

CC: (none) => jani.valimaa
Assignee: jani.valimaa => qa-bugs

Comment 2 Len Lawrence 2019-02-20 01:43:25 CET
mga6, x86_64

The packages updated cleanly.  Launched irssi from the command line, relying on the personal configuration file.  No problems apparent.  Joined #mageia-meeting.
Not much going on there of course.  Signed out OK.
 
Looks good for 64-bits.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25

Dave Hodgins 2019-02-20 20:27:54 CET

Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2019-02-20 21:58:39 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0091.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 Zero King 2019-03-02 03:39:21 CET
The CVE is CVE-2019-5882, not CVE-2018-5882.
Comment 5 David Walser 2019-03-02 03:41:50 CET
Thanks.  I fixed the advisory in SVN, so the one on the wiki should get fixed the next time updates are pushed.

Summary: irssi new security issue CVE-2018-5882 => irssi new security issue CVE-2019-5882


Note You need to log in before you can comment on or make changes to this bug.