Bug 1378295

Summary: New upstream release patching CVE-2016-7044 and CVE-2016-7045
Product: Red Hat Enterprise Linux 7 Reporter: Steven Haigh <netwiz>
Component: irssi Assignee: Jaroslav Škarvada <jskarvad>
Status: CLOSED NOTABUG QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 7.2 CC: bob, extras-qa, huzaifas, jskarvad, mianosm, mmahut, toracat
Target Milestone: rc Keywords: Security
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Clone Of: 1378220 Environment:
Last Closed: 2016-09-30 12:05:03 UTC Type: Bug

Description Steven Haigh 2016-09-22 03:55:51 UTC
+++ This bug was initially created as a clone of Bug #1378220 +++

Description of problem:
irssi versions 0.8.17 to 0.8.19 are affected by heap corruption bugs CVE-2016-7044 and CVE-2016-7045. Further details at https://irssi.org/2016/09/21/irssi-0.8.20-released/

The current package version for F25A is irssi-0.8.19-2.fc25.x86_64

Comment 2 Jaroslav Škarvada 2016-09-22 08:36:51 UTC
(In reply to Steven Haigh from comment #0)
> +++ This bug was initially created as a clone of Bug #1378220 +++
> 
> Description of problem:
> irssi versions 0.8.17 to 0.8.19 are affected by heap corruption bugs
> CVE-2016-7044 and CVE-2016-7045. Further details at
> https://irssi.org/2016/09/21/irssi-0.8.20-released/
> 
> The current package version for F25A is irssi-0.8.19-2.fc25.x86_64

But there is irssi-0.8.15-16.el7 in RHEL-7, thus it seems not to be affected. Flagging as security for security team to review it and very probably close it.

Comment 3 Adam Mariš 2016-09-30 12:05:03 UTC
CVE-2016-7044 and CVE-2016-7045 issues don't affect irssi as shipped in RHEL-6 and RHEL-7.
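
The version comparison used in comment 2, as an added example that is not part of the original bug report: it parses package strings in the form quoted in this thread and checks the upstream version against the affected range 0.8.17 to 0.8.19 given in the description. The function names and the architecture list are assumptions, and the numeric comparison is a simplification, not rpm's own version-comparison algorithm.

```python
import re

# Affected upstream range as stated in the bug description (inclusive).
AFFECTED_MIN = (0, 8, 17)
AFFECTED_MAX = (0, 8, 19)

# name-version-release[.arch]; the name may contain hyphens, so version and
# release are the last two hyphen-separated fields. Arch list is an assumption.
NVR_RE = re.compile(
    r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+?)"
    r"(?:\.(?P<arch>x86_64|i686|aarch64|ppc64le|s390x|noarch))?$"
)


def parse_nvr(nvr):
    """Split a package string into name, version, release and optional arch."""
    m = NVR_RE.match(nvr.strip())
    if not m:
        raise ValueError(f"not a name-version-release string: {nvr!r}")
    return m.groupdict()


def upstream_version(nvr):
    """Return the upstream version as a tuple of ints, e.g. (0, 8, 19)."""
    version = parse_nvr(nvr)["version"]
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        # Pre-release or otherwise non-numeric versions need rpm's comparison.
        raise ValueError(f"non-numeric version, compare manually: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_in_affected_range(nvr):
    """True if the upstream version lies inside the affected range.

    This is only a triage input: the upstream version says nothing about
    patches a distribution carries in the release field, so the final call
    belongs to the security team, as it did in this bug.
    """
    return AFFECTED_MIN <= upstream_version(nvr) <= AFFECTED_MAX


if __name__ == "__main__":
    # The two package strings quoted in this bug.
    for pkg in ("irssi-0.8.19-2.fc25.x86_64", "irssi-0.8.15-16.el7"):
        state = "in affected range" if is_in_affected_range(pkg) else "outside affected range"
        print(f"{pkg}: {state}")
```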