A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem. Relevant packages: weechat-0.3.6-3.1.mga2
Is there a CVE for this Funda please?
CC: (none) => luigiwalser
No at the moment. See: http://www.weechat.org/security/
CVE requested on Saturday, should be a response here soon: http://seclists.org/oss-sec/2012/q4/252
SRPM: weechat-0.3.6-3.1.mga2.src.rpm ------------------------------------ weechat-aspell weechat-charset weechat-debug weechat-devel weechat-lua weechat-perl weechat-python weechat-ruby weechat-tcl weechat
This is CVE-2012-5854. http://seclists.org/oss-sec/2012/q4/268
Weechat is an irc client for the terminal Start with $ weechat Connect to freenode /connect freenode Set nick /nick MrsBTest Join QA /join #mageia-qa Not able to reproduce this and asking the devs on IRC got me nowhere so just checking the updated version seems to connect and join a channel. Testing complete mga2 64
Whiteboard: (none) => has_procedure mga2-64-OK
basic functionality tested on mga2 i586 (connect and join channel...). validate update Suggested Advisory ================== A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem. SRPM: weechat-0.3.6-3.1.mga2.src.rpm Can sysadmin push packages to Updates? Thanks.
CC: (none) => marc.lattemann, sysadmin-bugsWhiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK, MGA2-32-OK
Keywords: (none) => validated_update
Don't forget to include the CVE reference in the advisory. It is CVE-2012-5854. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5854 https://savannah.nongnu.org/bugs/?37704
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED