-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2603
                           irssi security update
                                27 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           irssi
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-13045  

Original Bulletin: 
   http://www.debian.org/lts/security/2022/dla-3025

Comment: CVSS (Max):  8.1 CVE-2019-13045 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-3025-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
May 26, 2022                                  https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : irssi
Version        : 1.0.7-1~deb9u2
CVE ID         : CVE-2019-13045
Debian Bug     : #931264

It was discovered that there was a user-after-free vulnerability in
irssi, the popular terminal-based IRC client.

For Debian 9 "Stretch", this problem has been fixed in version
1.0.7-1~deb9u2.

We recommend that you upgrade your irssi packages.

For the detailed security status of irssi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/irssi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmKPZmcACgkQHpU+J9Qx
HlhiYg//epLnf5XYZ7BWrZP1BMhwFmrjk934lV6ft5t98peRqsyHh8zxBxO+//p3
lrLi3+8XVA7QCGIOvaW3QOQwTlRbaVWYOO+SL/w4j8q0kAKKtLOMWDdP29wv37qW
GvjZHvWpo2mNNL+2nGm/cABNFAQn6Wt6baxA1rpT3yHTaefFxNu4OINi1rCpZkHa
Lxfzn49tMBCcXshVABacMUKiygSN8dNV+Of7n6c9Qo7PmxkzscZkMsLjqUTSwY4e
gskIj3Ofahk4Qf4smUlFG/hyN2BUzHMS1j9/W0TlHpE5dVHFQHZkhKQpHjyxbofN
hfp+/VCE6tsMfn/rTa25y/C8KcWyzNV/RqIhdgZZSBymbXTey7Qe2tVSKQVPZUw5
RboQvb8oRWVG8tNNMdI5VC2gNgk15vAZ2449jzpmYfo0Xj+7wwCsn/PWYkzPwVdf
PJjFBJxcJC5iot7GVPxs/A1FWb9jJ/HS+00dqeRP8VIxID6JiEl9IraPfwJUQlsN
ekqonTtCKfzRyVpTvJYvH6D3FvlXNFGYXooMYAx0YaTHLGzGuuHbzoBN5bHdZf2d
jj92SWgAFOXMaYt9KWEkdiew2I8TkHK4TcDce7AMiPXaj/Gh/h1Db+ax9VcoTlpu
rBNQGTQIWZ8WS2fKtgunxntZVzc7yExZpFhz4cLn8rxqh3IpArw=
=DKAp
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYpAPqMkNZI30y1K9AQiheRAAjNnJHE1v+4HmQaVOwhrdBHycOq8ELaBp
YxLEiX7s1nJnPUMpXJ7rtEKrXu6K6BJ8oIJMynRB3k6eWtB7VSXcfAjDGwprgxfM
N7SJ61HMQCh21L25sGDhArqYXaUu0XSgG8tDRoqiqhhH+zgEvcIRwfLQ8vycDSqg
zOK8ESQAVmUc6arCNzA11Cqkap/qMYV1k+bWuiRpGryxfzVZCanMVn2nPtZBOMEb
oMihPNUxV8a6uT6m4azi2xswl77aBV+J9EfekevyyUKP74Mr2XLAWUxX3wFrKgXl
FmEUmNwq/tf938H75gPHdqVcn3Abx7hS1zCfbV9UDVpII6sxswLw5x95mof78MQQ
rS13axTd8+/pIJz0jx920O6QciCeGsBUk99amTftsk1wH1Af1pz1cQCxD94I3UQ4
m+PKfvblmDTYGfjwEaGipVWDSA8K8VqjKUweXBGnYl2yXOYwktXvjLVieTXGR0xA
SUCUDqh7y/5fhtG/XaO9sVBvpCiN1A47yW+tfJ0Rc8QwJ3+xweJfXag3ejYm7spI
LQS4OgdKzVZ2Hj/KnsS1k8bMn9qD30vrtmrlRt6OnrDg4Fx4Xrxddj2zXaxE5IXc
DRJT5NP1c6uYFKtXTNqvEECHq8MqFgKr+6sqWTBS4/3gvz6faYD2V3W46m38Azu3
HCNAVDLpoRM=
=+PvT
-----END PGP SIGNATURE-----