Upstream has issued an advisory on March 31: https://irssi.org/security/irssi_sa_2023_03.txt The issue is fixed upstream in 1.4.4.
Status comment: (none) => Fixed upstream in 1.4.4
Assigning to our registered Irssi maintainer
CC: (none) => marja11
Assignee: bugsquad => cooker
Ubuntu has issued an advisory for this today (April 10): https://ubuntu.com/security/notices/USN-6002-1
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line. (CVE-2023-29132)

References:
https://irssi.org/security/irssi_sa_2023_03.txt
https://ubuntu.com/security/notices/USN-6002-1
========================

Updated packages in core/updates_testing:
========================
irssi-1.4.3-1.1.mga9
irssi-devel-1.4.3-1.1.mga9
irssi-otr-1.4.3-1.1.mga9
irssi-perl-1.4.3-1.1.mga9

from SRPM:
irssi-1.4.3-1.1.mga9.src.rpm
Assignee: cooker => qa-bugs
Status comment: Fixed upstream in 1.4.4 => (none)
Status: NEW => ASSIGNED
CVE: (none) => CVE-2023-29132
Version: Cauldron => 9
CC: (none) => nicolas.salguero
Keywords: (none) => advisory
MGA9-64

The following 5 packages are going to be installed:

- irssi-1.4.3-1.1.mga9.x86_64
- irssi-otr-1.4.3-1.1.mga9.x86_64
- irssi-perl-1.4.3-1.1.mga9.x86_64
- lib64otr5-4.1.1-5.mga9.x86_64
- lib64utf8proc2-2.8.0-1.mga9.x86_64

2.9MB of additional disk space will be used.

Able to join libera.chat, connected to multiple channels, working as expected.
Whiteboard: (none) => MGA9-64-OK
CC: (none) => brtians1
VM Mageia 9 x86_64

Install current version, update and remove packages

LC_ALL=C urpmi irssi
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Release")
  irssi                          1.4.3        1.mga9        x86_64
  irssi-perl                     1.4.3        1.mga9        x86_64   (recommended)
  lib64utf8proc2                 2.8.0        1.mga9        x86_64
2.8MB of additional disk space will be used.
872KB of packages will be retrieved.
Proceed with the installation of the 3 packages? (Y/n) y
    https://mirrors.kernel.org/mageia/distrib/9/x86_64/media/core/release/irssi-perl-1.4.3-1.mga9.x86_64.rpm
    https://mirrors.kernel.org/mageia/distrib/9/x86_64/media/core/release/irssi-1.4.3-1.mga9.x86_64.rpm
    https://mirrors.kernel.org/mageia/distrib/9/x86_64/media/core/release/lib64utf8proc2-2.8.0-1.mga9.x86_64.rpm
installing lib64utf8proc2-2.8.0-1.mga9.x86_64.rpm irssi-perl-1.4.3-1.mga9.x86_64.rpm irssi-1.4.3-1.mga9.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... ###########################################################################################
1/3: lib64utf8proc2 ###########################################################################################
2/3: irssi-perl ###########################################################################################
3/3: irssi ###########################################################################################

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release" is up-to-date
medium "Core Updates" is up-to-date
medium "Nonfree Release" is up-to-date
medium "Nonfree Updates" is up-to-date
medium "Tainted Release" is up-to-date
medium "Tainted Updates" is up-to-date
installing irssi-1.4.3-1.1.mga9.x86_64.rpm irssi-perl-1.4.3-1.1.mga9.x86_64.rpm from //home/qateam/qa-testing/x86_64
Preparing... ###########################################################################################
1/2: irssi-perl ###########################################################################################
2/2: irssi ###########################################################################################
1/2: removing irssi-1.4.3-1.mga9.x86_64 ###########################################################################################
2/2: removing irssi-perl-1.4.3-1.mga9.x86_64 ###########################################################################################

LC_ALL=C urpme $(rpm -qa|grep irssi)
removing irssi-1.4.3-1.1.mga9.x86_64 irssi-perl-1.4.3-1.1.mga9.x86_64
removing package irssi-perl-1.4.3-1.1.mga9.x86_64
1/2: removing irssi-perl-1.4.3-1.1.mga9.x86_64 ###########################################################################################
removing package irssi-1.4.3-1.1.mga9.x86_64
2/2: removing irssi-1.4.3-1.1.mga9.x86_64 ###########################################################################################
writing /var/lib/rpm/installed-through-deps.list
The following package:
lib64utf8proc2-2.8.0-1.mga9.x86_64
is now orphaned, if you wish to remove it, you can use "urpme --auto-orphans"

LC_ALL=C urpme --auto-orphans --auto
removing lib64utf8proc2-2.8.0-1.mga9.x86_64
removing package lib64utf8proc2-2.8.0-1.mga9.x86_64
1/1: removing lib64utf8proc2-2.8.0-1.mga9.x86_64 ###########################################################################################

No issues detected
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0063.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED