Ubuntu has issued an advisory on January 17: https://usn.ubuntu.com/3862-1/ The CVE description says only 1.1.x is affected, but Ubuntu says otherwise.
Version: Cauldron => 6
Patched package uploaded for Mageia 6 by Jani. Advisory: ======================== Updated irssi packages fix security vulnerability: It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code (CVE-2018-5882). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5882 https://usn.ubuntu.com/3862-1/ ======================== Updated packages in core/updates_testing: ======================== irssi-1.0.7-1.1.mga6 irssi-devel-1.0.7-1.1.mga6 irssi-perl-1.0.7-1.1.mga6 from irssi-1.0.7-1.1.mga6.src.rpm
CC: (none) => jani.valimaaAssignee: jani.valimaa => qa-bugs
mga6, x86_64 The packages updated cleanly. Launched irssi from the command line, relying on the personal configuration file. No problems apparent. Joined #mageia-meeting. Not much going on there of course. Signed out OK. Looks good for 64-bits.
Whiteboard: (none) => MGA6-64-OKCC: (none) => tarazed25
Keywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0091.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
The CVE is CVE-2019-5882, not CVE-2018-5882.
Thanks. I fixed the advisory in SVN, so the one on the wiki should get fixed the next time updates are pushed.
Summary: irssi new security issue CVE-2018-5882 => irssi new security issue CVE-2019-5882