|
|
Subscribe / Log in / New account

Mageia alert MGASA-2017-0043 (irssi-otr)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2017-0043: Updated irssi-otr packages fix security vulnerability 


Date:
    	      Tue, 7 Feb 2017 14:35:13 +0100


Message-ID:
    	      <20170207133513.EA0829F7CC@duvel.mageia.org>


MGASA-2017-0043 - Updated irssi-otr packages fix security vulnerability

Publication date: 07 Feb 2017
URL: http://advisories.mageia.org/MGASA-2017-0043.html
Type: security
Affected Mageia releases: 5

Description:
It was discovered that irssi-otr had a flaw in handing data returned by
libotr. After the initiation of the OTR session only the first line was
sent as a PRIVMSG, while additional data would be sent as raw commands
to the IRC server. The additional data would ordinarily be a
human-readable HTML-formatted instruction message from libotr, a fixed
string. However this is a minor security concern and the remediation
avoids further security issues.

References:
- https://bugs.mageia.org/show_bug.cgi?id=20045
- https://lists.opensuse.org/opensuse-updates/2016-12/msg00...

SRPMS:
- 5/core/irssi-otr-1.0.2-1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds