Upstream has issued an advisory on June 29:
The issue is fixed upstream in 1.0.8 and 1.2.1.
Mageia 6 is also affected.
Fixed upstream in 1.0.8 and 1.2.1Whiteboard:
Pushed updated pkgs to core/updates_testing:
irssi-1.0.8-1.mga6 for mga6
irssi-1.2.1-1.mga7 for mga7
Installed irssi and irssi-perl, checked it out then updated it.
Started irssi again in the terminal, signed in to #mageia-meeting, posted a greeting then used /help to look at the commands available and tried out a few. All working as expected.
MGA7TOO, MGA6TOO =>
MGA7TOO, MGA6TOO MGA7-64-OKCC:
SASL not configured so immune to the bug.
Login in a terminal using the irssi command and the existing .irssi/config file.
Joined the #mageia-meeting channel at Freenode. Tried out /help and a few of the commands.
No problems; /part, /quit.
MGA7TOO, MGA6TOO MGA7-64-OK =>
MGA7TOO, MGA6TOO MGA7-64-OK MGA6-64-OK
MGA7TOO, MGA6TOO MGA7-64-OK MGA6-64-OK =>
MGA6TOO MGA7-64-OK MGA6-64-OKVersion:
Updated irssi package fixes security vulnerability:
Irssi before 1.0.8 and 1.2.x before 1.2.1, when SASL is enabled, has a use
after free when sending SASL login to the server (CVE-2019-13045).
Advisory uploaded, validating.
An update for this issue has been pushed to the Mageia Updates repository.
Ubuntu advisory for this from July 4, for reference: