Bug 1378343 (CVE-2016-7044)
Summary: | CVE-2016-7044 irssi: Unchecked input in unformat_24bit_color() can lead to crash | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | cbuissar, huzaifas, jskarvad, mmahut |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | irssi 0.8.20 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-09-27 08:59:38 UTC | Type: | --- |
Bug Depends On: | 1378345, 1378346 | ||
Bug Blocks: | 1378349 |
Description
Adam Mariš
2016-09-22 08:18:38 UTC
Created irssi tracking bugs for this issue:

Affects: fedora-all [bug 1378345]
Affects: epel-5 [bug 1378346]

(In reply to Adam Mariš from comment #1)
> Affects: epel-5 [bug 1378346]

Are you sure? According to comment 0, "Affected versions: Irssi 0.8.17-beta up", there is irssi-0.8.15-1.el5 in the EPEL-5.

(In reply to Jaroslav Škarvada from comment #2)
> (In reply to Adam Mariš from comment #1)
> > Affects: epel-5 [bug 1378346]
>
> Are you sure? According to comment 0, "Affected versions: Irssi 0.8.17-beta
> up", there is irssi-0.8.15-1.el5 in the EPEL-5.

I know, I haven't got time to check it. Sometimes upstream doesn't include information about unsupported versions, so we have to check it as well. However, the only difference here is in patch version, thus 0.8.15 is unlikely to be unsupported. Reconsidering it now, I'll close the bug. Thanks for notifying me!

The unformat_24bit_color() function is not part of irssi as shipped in RHEL-6, RHEL-7 or EPEL-5. These products are not affected by this flaw.