Bug 1378220

Summary: New upstream release patching CVE-2016-7044 and CVE-2016-7045
Product: [Fedora] Fedora Reporter: bob
Component: irssiAssignee: Marek Mahut <mmahut>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 25CC: huzaifas, jskarvad, mianosm, mmahut
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1378295 (view as bug list) Environment:
Last Closed: 2016-09-22 12:56:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description bob 2016-09-21 21:14:34 UTC 
Description of problem:
irssi versions 0.8.17 to 0.8.19 are affected by heap corruption bugs CVE-2016-7044 and CVE-2016-7045. Further details at https://irssi.org/2016/09/21/irssi-0.8.20-released/

The current package version for F25A is irssi-0.8.19-2.fc25.x86_64
Comment 1 Jaroslav Škarvada 2016-09-22 12:56:39 UTC 

*** This bug has been marked as a duplicate of bug 1378345 ***
Comment 2 Steven Miano 2016-09-24 15:26:53 UTC 
Is this really a duplicate due to the versions being different in Red Hat versus Fedora? 

Red Hat Enterprise Linux is seemingly unaffected by this issue at this time - but Fedora is very vulnerable to a remote exploit attempt if left as is.