Overview

File _patchinfo of Package patchinfo.5661

<patchinfo incident="5661">
  <packager>msmeissn</packager>
  <issue tracker="cve" id="2016-7044"></issue>
  <issue tracker="cve" id="2016-7553"></issue>
  <issue tracker="cve" id="2016-7045"></issue>
  <issue tracker="bnc" id="999199">VUL-0: CVE-2016-7044, CVE-2016-7045: irssi: heap corruption and missing boundary checks</issue>
  <issue tracker="bnc" id="1001215">VUL-1: CVE-2016-7553: irssi: Information disclosure in buf.pl</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for irssi</summary>
  <description>The IRC client irssi was updated to 0.8.20, fixing various bugs and security issues.

* CVE-2016-7044: The unformat_24bit_color function in the format parsing
  code in Irssi, when compiled with true-color enabled, allowed remote
  attackers to cause a denial of service (heap corruption and crash)
  via an incomplete 24bit color code.
* CVE-2016-7045: The format_send_to_gui function in the format parsing
  code in Irssi allowed remote attackers to cause a denial of service
  (heap corruption and crash) via vectors involving the length of a string.

See https://irssi.org/security/irssi_sa_2016.txt for more details.

* CVE-2016-7553: A information disclosure vulnerability in irssi buf.pl

See https://irssi.org/2016/09/22/buf.pl-update/ for more information.
  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places