25388 – irssi new security issue CVE-2019-15717

Bug 25388 - irssi new security issue CVE-2019-15717

Summary: irssi new security issue CVE-2019-15717

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	7
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA7-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2019-08-31 03:25 CEST by David Walser
Modified:	2019-09-06 23:11 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	irssi-1.2.1-2.mga8.src.rpm
CVE:
Status comment:	Fixed upstream in 1.2.2

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2019-08-31 03:25:53 CEST

A security issue has been fixed in irssi 1.2.2:
https://www.openwall.com/lists/oss-security/2019/08/29/3

Mageia 7 is also affected.

David Walser 2019-08-31 03:26:07 CEST

Status comment: (none) => Fixed upstream in 1.2.2
Whiteboard: (none) => MGA7TOO

Comment 1 David Walser 2019-09-03 21:41:12 CEST

Updated package uploaded by Jani.

Advisory:
========================

Updated irssi packages fix security vulnerability:

Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double
CAP (CVE-2019-15717).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15717
https://www.openwall.com/lists/oss-security/2019/08/29/3
========================

Updated packages in core/updates_testing:
========================
irssi-1.2.2-1.mga7
irssi-devel-1.2.2-1.mga7
irssi-perl-1.2.2-1.mga7
irssi-otr-1.2.2-1.mga7

from irssi-1.2.2-1.mga7.src.rpm

Assignee: jani.valimaa => qa-bugs
CC: (none) => jani.valimaa
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

Comment 2 Brian Rockwell 2019-09-05 21:22:28 CEST

MGA7-64  gnome

14:21 -!-  ___           _
14:21 -!- |_ _|_ _ _____(_)
14:21 -!-  | || '_(_-<_-< |
14:21 -!- |___|_| /__/__/_|
14:21 -!- Irssi v1.2.2 - https://irssi.org

Participated in the QA meeting and it worked.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => brtians1

Comment 3 Thomas Andrews 2019-09-06 03:29:30 CEST

Good enough for me, Brian. Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-09-06 18:43:53 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 4 Mageia Robot 2019-09-06 23:11:31 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0255.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.