Bug 1378220 - New upstream release patching CVE-2016-7044 and CVE-2016-7045
Summary: New upstream release patching CVE-2016-7044 and CVE-2016-7045
Keywords:
Status: CLOSED DUPLICATE of bug 1378345
Alias: None
Product: Fedora
Classification: Fedora
Component: irssi
Version: 25
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: Marek Mahut
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-21 21:14 UTC by bob
Modified: 2016-09-24 15:26 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1378295 (view as bug list)
Environment:
Last Closed: 2016-09-22 12:56:39 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description bob 2016-09-21 21:14:34 UTC
Description of problem:
irssi versions 0.8.17 to 0.8.19 are affected by heap corruption bugs CVE-2016-7044 and CVE-2016-7045. Further details at https://irssi.org/2016/09/21/irssi-0.8.20-released/

The current package version for F25A is irssi-0.8.19-2.fc25.x86_64

Comment 1 Jaroslav Škarvada 2016-09-22 12:56:39 UTC

*** This bug has been marked as a duplicate of bug 1378345 ***

Comment 2 Steven Miano 2016-09-24 15:26:53 UTC
Is this really a duplicate due to the versions being different in Red Hat versus Fedora? 

Red Hat Enterprise Linux is seemingly unaffected by this issue at this time - but Fedora is very vulnerable to a remote exploit attempt if left as is.


Note You need to log in before you can comment on or make changes to this bug.