Fedora 27: irssi Security Update
Summary
Irssi is a modular IRC client with Perl scripting. Only text-mode
frontend is currently supported. The GTK/GNOME frontend is no longer
being maintained.
This is new version fixing multiple vulnerabilities: CVE-2018-7050,
CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054.
[ 1 ] Bug #1546226 - CVE-2018-7053 irssi: use-after-free when SASL messages are received in unexpected order
https://bugzilla.redhat.com/show_bug.cgi?id=1546226
[ 2 ] Bug #1546223 - CVE-2018-7054 irssi: use-after-free when a server is disconnected during netsplits
https://bugzilla.redhat.com/show_bug.cgi?id=1546223
[ 3 ] Bug #1546272 - CVE-2018-7052 irssi: Denial of Service (DoS) due to a NULL pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=1546272
[ 4 ] Bug #1546275 - CVE-2018-7051 irssi: out-of-bounds access when printing theme strings with certain nick names
https://bugzilla.redhat.com/show_bug.cgi?id=1546275
[ 5 ] Bug #1546280 - CVE-2018-7050 irssi: Null pointer dereference when an "empty" nick has been observed by
https://bugzilla.redhat.com/show_bug.cgi?id=1546280
su -c 'dnf upgrade irssi' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
FEDORA-2018-433d2dc3c7 2018-02-26 16:53:03.955475 Product : Fedora 27 Version : 1.0.7 Release : 1.fc27 URL : https://irssi.org/ Summary : Modular text mode IRC client with Perl scripting Description : Irssi is a modular IRC client with Perl scripting. Only text-mode frontend is currently supported. The GTK/GNOME frontend is no longer being maintained. This is new version fixing multiple vulnerabilities: CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054. [ 1 ] Bug #1546226 - CVE-2018-7053 irssi: use-after-free when SASL messages are received in unexpected order https://bugzilla.redhat.com/show_bug.cgi?id=1546226 [ 2 ] Bug #1546223 - CVE-2018-7054 irssi: use-after-free when a server is disconnected during netsplits https://bugzilla.redhat.com/show_bug.cgi?id=1546223 [ 3 ] Bug #1546272 - CVE-2018-7052 irssi: Denial of Service (DoS) due to a NULL pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=1546272 [ 4 ] Bug #1546275 - CVE-2018-7051 irssi: out-of-bounds access when printing theme strings with certain nick names https://bugzilla.redhat.com/show_bug.cgi?id=1546275 [ 5 ] Bug #1546280 - CVE-2018-7050 irssi: Null pointer dereference when an "empty" nick has been observed by https://bugzilla.redhat.com/show_bug.cgi?id=1546280 su -c 'dnf upgrade irssi' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References