1378295 – New upstream release patching CVE-2016-7044 and CVE-2016-7045

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1378295 - New upstream release patching CVE-2016-7044 and CVE-2016-7045

Summary: New upstream release patching CVE-2016-7044 and CVE-2016-7045

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	irssi
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Jaroslav Škarvada
QA Contact:	BaseOS QE - Apps
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-22 03:55 UTC by Steven Haigh
Modified:	2016-11-08 16:05 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1378220
Environment:
Last Closed:	2016-09-30 12:05:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Steven Haigh 2016-09-22 03:55:51 UTC

+++ This bug was initially created as a clone of Bug #1378220 +++

Description of problem:
irssi versions 0.8.17 to 0.8.19 are affected by heap corruption bugs CVE-2016-7044 and CVE-2016-7045. Further details at https://irssi.org/2016/09/21/irssi-0.8.20-released/

The current package version for F25A is irssi-0.8.19-2.fc25.x86_64

Comment 2 Jaroslav Škarvada 2016-09-22 08:36:51 UTC

(In reply to Steven Haigh from comment #0)
> +++ This bug was initially created as a clone of Bug #1378220 +++
> 
> Description of problem:
> irssi versions 0.8.17 to 0.8.19 are affected by heap corruption bugs
> CVE-2016-7044 and CVE-2016-7045. Further details at
> https://irssi.org/2016/09/21/irssi-0.8.20-released/
> 
> The current package version for F25A is irssi-0.8.19-2.fc25.x86_64

But there is irssi-0.8.15-16.el7 in RHEL-7, thus it seems not to be affected. Flagging as security for security team to review it and very probably close it.

Comment 3 Adam Mariš 2016-09-30 12:05:03 UTC

CVE-2016-7044 and CVE-2016-7045 issues don't affect irssi as shipped in RHEL-6 and RHEL-7.

Note You need to log in before you can comment on or make changes to this bug.