SUSE-SU-2016:2524-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20162524-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:2524-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:2524-1
Published
2016-10-07T13:29:02Z
Modified
2016-10-07T13:29:02Z
Summary
Security update for irssi
Details

The IRC client irssi was updated to 0.8.20, fixing various bugs and security issues.

  • CVE-2016-7044: The unformat_24bit_color function in the format parsing code in Irssi, when compiled with true-color enabled, allowed remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.
  • CVE-2016-7045: The format_send_to_gui function in the format parsing code in Irssi allowed remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.

See https://irssi.org/security/irssisa2016.txt for more details.

  • CVE-2016-7553: An information disclosure vulnerability in irssi buf.pl

See https://irssi.org/2016/09/22/buf.pl-update/ for more information.

Affected packages

SUSE:Package Hub 12 / irssi

Package

Name
irssi
Purl
pkg:rpm/suse/irssi&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.8.20-9.1

Ecosystem specific

{
    "binaries": [
        {
            "irssi-devel": "0.8.20-9.1",
            "irssi": "0.8.20-9.1"
        }
    ]
}