Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 903623 (CVE-2023-29132, IRSSI-SA-2023-03)

Summary: <net-irc/irssi-1.4.4: UAF vulnerability
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: monsieurp, swegener
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://irssi.org/security/irssi_sa_2023_03.txt
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 903145, 904221    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-03-31 04:22:25 UTC
Description:
"(a) Use after free while using a stale special collector reference
    found by ednash. (CWE-416)"

Fixed in 1.4.4, please bump.
Comment 1 Larry the Git Cow gentoo-dev 2023-04-11 19:41:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6da37397246e3c2dbb4dab669347b93134f71cac

commit 6da37397246e3c2dbb4dab669347b93134f71cac
Author:     Marcel van den Bosch <m.v.d.bosch@gmail.com>
AuthorDate: 2023-04-11 09:21:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-04-11 19:40:59 +0000

    net-irc/irssi: add 1.4.4
    
    Bug: https://bugs.gentoo.org/903623
    Closes: https://bugs.gentoo.org/903145
    Signed-off-by: Marcel van den Bosch <m.v.d.bosch@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/30551
    Signed-off-by: Sam James <sam@gentoo.org>

 net-irc/irssi/Manifest           |  1 +
 net-irc/irssi/irssi-1.4.4.ebuild | 68 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-05-12 19:20:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2bb2f592187636a601c33a99901ecdf735ee8883

commit 2bb2f592187636a601c33a99901ecdf735ee8883
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2023-05-12 19:18:43 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2023-05-12 19:20:38 +0000

    net-irc/irssi: drop 1.4.2, 1.4.3
    
    Bug: https://bugs.gentoo.org/903623
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-irc/irssi/Manifest           |  2 --
 net-irc/irssi/irssi-1.4.2.ebuild | 68 ----------------------------------------
 net-irc/irssi/irssi-1.4.3.ebuild | 68 ----------------------------------------
 3 files changed, 138 deletions(-)