Upstream has issued an advisory on June 29: https://www.openwall.com/lists/oss-security/2019/06/29/1 The issue is fixed upstream in 1.0.8 and 1.2.1. Mageia 6 is also affected.
Status comment: (none) => Fixed upstream in 1.0.8 and 1.2.1Whiteboard: (none) => MGA7TOO, MGA6TOO
Pushed updated pkgs to core/updates_testing: irssi-1.0.8-1.mga6 for mga6 irssi-1.2.1-1.mga7 for mga7 Please test.
CC: (none) => jani.valimaaAssignee: jani.valimaa => qa-bugs
mga7, x86_64 Installed irssi and irssi-perl, checked it out then updated it. Started irssi again in the terminal, signed in to #mageia-meeting, posted a greeting then used /help to look at the commands available and tried out a few. All working as expected.
Whiteboard: MGA7TOO, MGA6TOO => MGA7TOO, MGA6TOO MGA7-64-OKCC: (none) => tarazed25
mga6, x86_64 SASL not configured so immune to the bug. Login in a terminal using the irssi command and the existing .irssi/config file. Joined the #mageia-meeting channel at Freenode. Tried out /help and a few of the commands. No problems; /part, /quit.
Whiteboard: MGA7TOO, MGA6TOO MGA7-64-OK => MGA7TOO, MGA6TOO MGA7-64-OK MGA6-64-OK
Whiteboard: MGA7TOO, MGA6TOO MGA7-64-OK MGA6-64-OK => MGA6TOO MGA7-64-OK MGA6-64-OKVersion: Cauldron => 7
Advisory: ======================== Updated irssi package fixes security vulnerability: Irssi before 1.0.8 and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server (CVE-2019-13045). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13045 https://irssi.org/security/irssi_sa_2019_06.txt
Advisory uploaded, validating.
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0206.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
Ubuntu advisory for this from July 4, for reference: https://usn.ubuntu.com/4046-1/