IRSSI-SA-2019-06 Irssi Security Advisory [1]
============================================
CVE-2019-13045

Description
-----------

(a) Use after free when sending SASL login to the server found by
    ilbelkyr. (CWE-416, CWE-825)

    CVE-2019-13045 [2] was assigned to this issue.

Impact
------

May affect the stability of Irssi. SASL logins may fail, especially
during (manual and automated) reconnect.

Affected versions
-----------------

(a) Irssi 0.8.18 and later

Fixed in
--------

Irssi 1.0.8, 1.1.3, 1.2.1

Recommended action
------------------

Upgrade to the latest Irssi. We've published maintenance releases,
without any new features.

After installing the updated packages, one can issue the /upgrade
command to load the new binary. TLS connections will require
/reconnect.

Mitigating facts
----------------

Users who have not configured SASL, are not affected by this issue.

References
----------

[1] https://irssi.org/security/irssi_sa_2019_06.txt
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13045
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8abedfbc9aa8cb11907e5d6788d3870ba1455a92

commit 8abedfbc9aa8cb11907e5d6788d3870ba1455a92
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2019-06-30 03:55:48 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2019-06-30 04:06:15 +0000

    net-irc/irssi: Version bump, security bug #688944

    Bug: https://bugs.gentoo.org/688944
    Package-Manager: Portage-2.3.66, Repoman-2.3.11
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-irc/irssi/Manifest           |  1 +
 net-irc/irssi/irssi-1.2.1.ebuild | 65 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)
cc arches?
Not sure what happened to our three maintainers. Cc'ing arches.
amd64 stable
sparc stable
x86 stable
ppc stable
ppc64 stable
ia64 stable
alpha stable
hppa stable
arm stable