Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 688944 (CVE-2019-13045) - <net-irc/irssi-1.2.1: Use after free when sending SASL login to the server
Summary: <net-irc/irssi-1.2.1: Use after free when sending SASL login to the server
Alias: CVE-2019-13045
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Reported: 2019-06-29 15:34 UTC by Jeroen Roovers (RETIRED)
Modified: 2019-07-25 17:45 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2019-06-29 15:34:51 UTC
IRSSI-SA-2019-06 Irssi Security Advisory [1]


(a) Use after free when sending SASL login to the server found by
    ilbelkyr. (CWE-416, CWE-825)

    CVE-2019-13045 [2] was assigned to this issue.


May affect the stability of Irssi. SASL logins may fail, especially
during (manual and automated) reconnect.

Affected versions

(a) Irssi 0.8.18 and later

Fixed in

Irssi 1.0.8, 1.1.3, 1.2.1

Recommended action

Upgrade to the latest Irssi. We've published maintenance releases,
without any new features.

After installing the updated packages, one can issue the /upgrade
command to load the new binary. TLS connections will require

Mitigating facts

Users who have not configured SASL, are not affected by this issue.


Comment 1 Larry the Git Cow gentoo-dev 2019-06-30 04:06:28 UTC
The bug has been referenced in the following commit(s):

commit 8abedfbc9aa8cb11907e5d6788d3870ba1455a92
Author:     Sven Wegener <>
AuthorDate: 2019-06-30 03:55:48 +0000
Commit:     Sven Wegener <>
CommitDate: 2019-06-30 04:06:15 +0000

    net-irc/irssi: Version bump, security bug #688944
    Package-Manager: Portage-2.3.66, Repoman-2.3.11
    Signed-off-by: Sven Wegener <>

 net-irc/irssi/Manifest           |  1 +
 net-irc/irssi/irssi-1.2.1.ebuild | 65 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)
Comment 2 Matt Turner gentoo-dev 2019-07-07 20:34:13 UTC
cc arches?
Comment 3 Matt Turner gentoo-dev 2019-07-14 20:23:28 UTC
Not sure what happened to our three maintainers. Cc'ing arches.
Comment 4 Agostino Sarubbo gentoo-dev 2019-07-15 13:14:40 UTC
amd64 stable
Comment 5 Rolf Eike Beer archtester 2019-07-15 19:23:03 UTC
sparc stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-07-17 15:25:30 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-07-18 09:59:00 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-07-18 10:02:51 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2019-07-18 11:45:25 UTC
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2019-07-18 13:10:26 UTC
alpha stable
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2019-07-21 08:27:27 UTC
hppa stable
Comment 12 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-07-25 17:44:24 UTC
arm stable