Debian-LTS has issued an advisory on March 24: https://www.debian.org/lts/security/2020/dla-2157 The issues are fixed upstream in 2.7.1.
Status comment: (none) => Fixed upstream in 2.7.1
Advisory
========

Weechat has been updated to fix 2 security issues.

CVE-2020-9759: An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash.

CVE-2020-9760: An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.

References
==========
https://www.debian.org/lts/security/2020/dla-2157
https://nvd.nist.gov/vuln/detail/CVE-2020-9759
https://nvd.nist.gov/vuln/detail/CVE-2020-9760

Files
=====

Uploaded to core/updates_testing

weechat-2.7.1-1.mga7
weechat-aspell-2.7.1-1.mga7
weechat-charset-2.7.1-1.mga7
weechat-devel-2.7.1-1.mga7
weechat-guile-2.7.1-1.mga7
weechat-lua-2.7.1-1.mga7
weechat-perl-2.7.1-1.mga7
weechat-python-2.7.1-1.mga7
weechat-ruby-2.7.1-1.mga7
weechat-tcl-2.7.1-1.mga7

from weechat-2.7.1-1.mga7.src.rpm
Assignee: smelror => qa-bugs
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref to bug 26267 for testing.
I could connect to #mageia-qa, and post, but apparently no one there to answer. So OK AFAICS.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0153.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED