openSUSE has issued an advisory on April 19: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IWZLMEBAAR5OLPQC7PWZHARHSMCZNVIM/ As the SUSE-bug says: irssi 1.2.3 contains some security fixes. * memory handling issues * memory leaks * erroneous free * crashes / freezes * null pointer dereference when receiving broken JOIN record References: https://irssi.org/2021/04/11/irssi-1.2.3-released/ https://irssi.org/NEWS/#v1-2-3
CC: (none) => geiger.david68210Whiteboard: (none) => MGA7TOOAssignee: bugsquad => jani.valimaa
fixed in mga7/8 src: - mga7: - libnsl-1.3.0-1.mga7 - irssi-1.2.3-1.mga7 - mga8: - irssi-1.2.3-1.mga8
Assignee: jani.valimaa => qa-bugsCC: (none) => mageia
I think importing libnsl to mga7 is a wrong approach as when mga7 was released libnsl.so was living in glibc-devel. Just remove 'pkgconfig(libnsl)' BR from mga7 irssi.
CC: (none) => jani.valimaa
yes, libnsl does not belong in Mageia 7
Assigning back to Nicholas as Mageia 7 isn't done. Package list for Mageia 8: irssi-1.2.3-1.mga8 irssi-perl-1.2.3-1.mga8 irssi-devel-1.2.3-1.mga8 irssi-otr-1.2.3-1.mga8
Assignee: qa-bugs => mageia
fixing package list as it now builds. fixed in mga7/8 src: - mga7: - irssi-1.2.3-1.mga7 - mga8: - irssi-1.2.3-1.mga8
Assignee: mageia => qa-bugs
RPMS for Mageia 7: irssi-1.2.3-1.mga7 irssi-devel-1.2.3-1.mga7 irssi-perl-1.2.3-1.mga7 irssi-otr-1.2.3-1.mga7
The following 6 packages are going to be installed: - irssi-1.2.3-1.mga8.x86_64 - irssi-devel-1.2.3-1.mga8.x86_64 - irssi-otr-1.2.3-1.mga8.x86_64 - irssi-perl-1.2.3-1.mga8.x86_64 - lib64otr5-4.1.1-3.mga8.x86_64 - lib64utf8proc2-2.6.1-1.mga8.x86_64 logged into freenode and #mageia definitely sending commands and seeing transactions. working
Whiteboard: MGA7TOO => MGA7TOO MGA8-64-OKCC: (none) => brtians1
MGA7-64 The following 6 packages are going to be installed: - irssi-1.2.3-1.mga7.x86_64 - irssi-devel-1.2.3-1.mga7.x86_64 - irssi-otr-1.2.3-1.mga7.x86_64 - irssi-perl-1.2.3-1.mga7.x86_64 - lib64otr5-4.1.1-2.mga7.x86_64 - lib64utf8proc2-2.3.0-1.mga7.x86_64 visited freenode #mageia working as designed.
Whiteboard: MGA7TOO MGA8-64-OK => MGA7TOO MGA8-64-OK MGA7-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Advisory: ======================== Updated irssi packages fix security vulnerabilities The irssi packages are updated to irssi 1.2.3 to fix several issues among some security vulnerabilities: * memory handling issues * memory leaks * erroneous free * crashes / freezes * null pointer dereference when receiving broken JOIN record. References: https://bugs.mageia.org/show_bug.cgi?id=29060 https://irssi.org/2021/04/11/irssi-1.2.3-released/ https://irssi.org/NEWS/#v1-2-3 ======================== Updated packages in 7/core/updates_testing: ======================== irssi-1.2.3-1.mga7 irssi-devel-1.2.3-1.mga7 irssi-perl-1.2.3-1.mga7 irssi-otr-1.2.3-1.mga7 from SRPM: irssi-1.2.3-1.mga7.src.rpm ======================== Updated packages in 8/core/updates_testing: ======================== irssi-1.2.3-1.mga8 irssi-perl-1.2.3-1.mga8 irssi-devel-1.2.3-1.mga8 irssi-otr-1.2.3-1.mga8 from SRPM irssi-1.2.3-1.mga8.src.rpm
CC: (none) => ouaurelienKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0255.html
Status: NEW => RESOLVEDResolution: (none) => FIXED