[URL] says: """ This release fixes a remote crash issue in Irssi 1.0 """ Not sure what that is as the release notes do not mention it as such: https://github.com/irssi/irssi/releases/tag/1.0.2 """ v1.0.2 2017-03-10 The Irssi team <staff@irssi.org> - Prevent some null-pointer crashes (GL!9). - Fix compilation with OpenSSL 1.1.0 (#628, #597). - Correct dereferencing of already freed server objects during output of netjoins. Found by APic (GL!10, GL#7). - Fix in command arg parser to detect missing arguments in tail place (#652, #651). - Fix regression that broke incoming DCC file transfers (#667, #656). - Fix issue with escaping \ in evaluated strings (#669, #520). """
commit d81b2136e02c140838ca99374c9a06f375f2c9c2 (HEAD -> master, origin/master, origin/HEAD) Author: Patrice Clement <monsieurp@gentoo.org> AuthorDate: Wed Mar 15 10:49:45 2017 +0100 Commit: Patrice Clement <monsieurp@gentoo.org> CommitDate: Wed Mar 15 11:22:13 2017 +0100 net-irc/irssi: version bump. Gentoo-Bug: https://bugs.gentoo.org/612678 Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-irc/irssi/Manifest | 1 + net-irc/irssi/irssi-1.0.2.ebuild | 60 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 net-irc/irssi/irssi-1.0.2.ebuild
Can it be stabilized? if yes, please CC arches
(In reply to Agostino Sarubbo from comment #2) > Can it be stabilized? if yes, please CC arches Quoting the advisory[1] referred to by the URL: """ Affected versions ----------------- Irssi up to and including 1.0.1 We believe Irssi 0.8.21 and prior are not affected since a different code path causes the netjoins to be flushed prior to reaching the use after free condition. """ [1] https://irssi.org/security/irssi_sa_2017_03.txt
Like Jeroen pointed out in comment #3 upstream don't belief v0.8.21 was affected. Therefore we are done, repository is clean.