openSUSE has issued an advisory today (November 28):
It fixes a new issue, CVE-2012-5534, which they have a patch for.
Upstream shows this as fixed in 0.3.9.2 (so Cauldron is affected).
Fedora has issued an advisory for this on November 20:
The Red Hat bug also has a link to the upstream change that fixes this:
Here's a patch link in Fedora git:
Updated package uploaded for Cauldron by Funda.
Patched package uploaded for Mageia 1 and Mageia 2 by Funda. Thanks Funda!
Updated weechat packages fix security vulnerability:
Untrusted command for function hook_process in WeeChat before 0.3.9.2 could
lead to execution of commands, because of shell expansions (so the problem is
only caused by some scripts, not by WeeChat itself) (CVE-2012-5534).
Updated packages in core/updates_testing:
No PoC so just testing the basics
Testing complete Mga1 32 & 64 and Mga2 64
Testing complete mga2 32
Advisory & srpms for Mageia 1 & 2 in comment 3
Could sysadmin please push from core/updates_testing to core/updates?
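
The shell-expansion risk described in the advisory text above, as an added example (not code from WeeChat, its scripts, or this thread): Python's `subprocess` stands in for a script handing a command to `hook_process`, and the same untrusted value is run through a shell, quoted for a shell, split without a shell, and passed as one fixed argument. The sample value and all function names are constructed for illustration.

```python
import shlex
import subprocess

# Constructed sample: text a script might receive from the network,
# for example a URL taken from a chat message.
UNTRUSTED = "http://example.invalid/$(echo INJECTED) extra"


def run(argv):
    """Execute argv directly (no implicit shell) and return its stdout."""
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.strip()


def shell_argv(value):
    """Risky pattern: the concatenated string is interpreted by /bin/sh,
    so $(...) inside the value is expanded before echo ever sees it."""
    return ["/bin/sh", "-c", "echo fetch " + value]


def quoted_shell_argv(value):
    """Still a shell, but the untrusted part is quoted as one literal word."""
    return ["/bin/sh", "-c", "echo fetch " + shlex.quote(value)]


def split_argv(value):
    """No shell: the concatenated string is only split into words.
    Expansion is gone, but whitespace in the value still adds arguments
    (and unbalanced quotes in the value make shlex.split raise ValueError)."""
    return shlex.split("echo fetch " + value)


def fixed_argv(value):
    """No shell and no splitting: the value is exactly one argv element."""
    return ["echo", "fetch", value]


if __name__ == "__main__":
    builders = (shell_argv, quoted_shell_argv, split_argv, fixed_argv)
    for build in builders:
        argv = build(UNTRUSTED)
        print(f"{build.__name__:18} argc={len(argv)} -> {run(argv)}")
```

Only the first variant prints `INJECTED` in place of the `$(...)` text; `split_argv` avoids the expansion but lets the value decide how many arguments the program receives, which `fixed_argv` does not.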