29513 – weechat new security issue CVE-2021-40516

Bug 29513 - weechat new security issue CVE-2021-40516

Summary: weechat new security issue CVE-2021-40516

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-10-01 16:17 CEST by David Walser
Modified:	2021-10-06 21:43 CEST (History)
CC List:	6 users (show)

See Also:
Source RPM:	weechat-3.0-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-10-01 16:17:01 CEST

Debian-LTS has issued an advisory on September 30:
https://www.debian.org/lts/security/2021/dla-2770

The issue is fixed upstream in 3.2.1.

David Walser 2021-10-01 16:17:17 CEST

CC: (none) => smelror
Status comment: (none) => Fixed upstream in 3.2.1

Comment 1 Lewis Smith 2021-10-01 20:04:41 CEST

We have 3.2.1 in Cauldron.
Assigning this to Stig who did that (+ prev & next versions).

Assignee: bugsquad => smelror

Comment 2 Nicolas Lécureuil 2021-10-03 01:28:48 CEST

fixes in mga8:

src:
    - weechat-3.0-1.1.mga8

CC: (none) => mageia
Assignee: smelror => qa-bugs

Comment 3 David Walser 2021-10-03 01:31:49 CEST

weechat-perl-3.0-1.1.mga8
weechat-tcl-3.0-1.1.mga8
weechat-guile-3.0-1.1.mga8
weechat-ruby-3.0-1.1.mga8
weechat-python-3.0-1.1.mga8
weechat-lua-3.0-1.1.mga8
weechat-devel-3.0-1.1.mga8
weechat-aspell-3.0-1.1.mga8
weechat-charset-3.0-1.1.mga8
weechat-3.0-1.1.mga8

from weechat-3.0-1.1.mga8.src.rpm

Status comment: Fixed upstream in 3.2.1 => (none)

Comment 4 Brian Rockwell 2021-10-04 02:59:25 CEST

MGA8-64, Xfce

The following 12 packages are going to be installed:

- guile3.0-runtime-3.0.4-3.mga8.x86_64
- lib64gc1-8.0.4-2.mga8.x86_64
- lib64guile3.0_1-3.0.4-3.mga8.x86_64
- weechat-3.0-1.1.mga8.x86_64
- weechat-aspell-3.0-1.1.mga8.x86_64
- weechat-charset-3.0-1.1.mga8.x86_64
- weechat-guile-3.0-1.1.mga8.x86_64
- weechat-lua-3.0-1.1.mga8.x86_64
- weechat-perl-3.0-1.1.mga8.x86_64
- weechat-python-3.0-1.1.mga8.x86_64
- weechat-ruby-3.0-1.1.mga8.x86_64
- weechat-tcl-3.0-1.1.mga8.x86_64

Connected to libera

chatted

working as designed.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => brtians1

Comment 5 Thomas Andrews 2021-10-04 20:14:26 CEST

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2021-10-06 19:38:11 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Mageia Robot 2021-10-06 21:43:26 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0466.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.