Bug 1378295 - New upstream release patching CVE-2016-7044 and CVE-2016-7045
Summary: New upstream release patching CVE-2016-7044 and CVE-2016-7045
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: irssi
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: rc
: ---
Assignee: Jaroslav Škarvada
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-22 03:55 UTC by Steven Haigh
Modified: 2016-11-08 16:05 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1378220
Environment:
Last Closed: 2016-09-30 12:05:03 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Steven Haigh 2016-09-22 03:55:51 UTC 
+++ This bug was initially created as a clone of Bug #1378220 +++

Description of problem:
irssi versions 0.8.17 to 0.8.19 are affected by heap corruption bugs CVE-2016-7044 and CVE-2016-7045. Further details at https://irssi.org/2016/09/21/irssi-0.8.20-released/

The current package version for F25A is irssi-0.8.19-2.fc25.x86_64
Comment 2 Jaroslav Škarvada 2016-09-22 08:36:51 UTC 
(In reply to Steven Haigh from comment #0)
> +++ This bug was initially created as a clone of Bug #1378220 +++
> 
> Description of problem:
> irssi versions 0.8.17 to 0.8.19 are affected by heap corruption bugs
> CVE-2016-7044 and CVE-2016-7045. Further details at
> https://irssi.org/2016/09/21/irssi-0.8.20-released/
> 
> The current package version for F25A is irssi-0.8.19-2.fc25.x86_64

But there is irssi-0.8.15-16.el7 in RHEL-7, thus it seems not to be affected. Flagging as security for security team to review it and very probably close it.
Comment 3 Adam Mariš 2016-09-30 12:05:03 UTC 
CVE-2016-7044 and CVE-2016-7045 issues don't affect irssi as shipped in RHEL-6 and RHEL-7.
Note You need to log in before you can comment on or make changes to this bug.