Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2603 irssi security update 27 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: irssi Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2019-13045 Original Bulletin: http://www.debian.org/lts/security/2022/dla-3025 Comment: CVSS (Max): 8.1 CVE-2019-13045 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3025-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb May 26, 2022 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : irssi Version : 1.0.7-1~deb9u2 CVE ID : CVE-2019-13045 Debian Bug : #931264 It was discovered that there was a user-after-free vulnerability in irssi, the popular terminal-based IRC client. For Debian 9 "Stretch", this problem has been fixed in version 1.0.7-1~deb9u2. We recommend that you upgrade your irssi packages. For the detailed security status of irssi please refer to its security tracker page at: https://security-tracker.debian.org/tracker/irssi Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmKPZmcACgkQHpU+J9Qx HlhiYg//epLnf5XYZ7BWrZP1BMhwFmrjk934lV6ft5t98peRqsyHh8zxBxO+//p3 lrLi3+8XVA7QCGIOvaW3QOQwTlRbaVWYOO+SL/w4j8q0kAKKtLOMWDdP29wv37qW GvjZHvWpo2mNNL+2nGm/cABNFAQn6Wt6baxA1rpT3yHTaefFxNu4OINi1rCpZkHa Lxfzn49tMBCcXshVABacMUKiygSN8dNV+Of7n6c9Qo7PmxkzscZkMsLjqUTSwY4e gskIj3Ofahk4Qf4smUlFG/hyN2BUzHMS1j9/W0TlHpE5dVHFQHZkhKQpHjyxbofN hfp+/VCE6tsMfn/rTa25y/C8KcWyzNV/RqIhdgZZSBymbXTey7Qe2tVSKQVPZUw5 RboQvb8oRWVG8tNNMdI5VC2gNgk15vAZ2449jzpmYfo0Xj+7wwCsn/PWYkzPwVdf PJjFBJxcJC5iot7GVPxs/A1FWb9jJ/HS+00dqeRP8VIxID6JiEl9IraPfwJUQlsN ekqonTtCKfzRyVpTvJYvH6D3FvlXNFGYXooMYAx0YaTHLGzGuuHbzoBN5bHdZf2d jj92SWgAFOXMaYt9KWEkdiew2I8TkHK4TcDce7AMiPXaj/Gh/h1Db+ax9VcoTlpu rBNQGTQIWZ8WS2fKtgunxntZVzc7yExZpFhz4cLn8rxqh3IpArw= =DKAp - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYpAPqMkNZI30y1K9AQiheRAAjNnJHE1v+4HmQaVOwhrdBHycOq8ELaBp YxLEiX7s1nJnPUMpXJ7rtEKrXu6K6BJ8oIJMynRB3k6eWtB7VSXcfAjDGwprgxfM N7SJ61HMQCh21L25sGDhArqYXaUu0XSgG8tDRoqiqhhH+zgEvcIRwfLQ8vycDSqg zOK8ESQAVmUc6arCNzA11Cqkap/qMYV1k+bWuiRpGryxfzVZCanMVn2nPtZBOMEb oMihPNUxV8a6uT6m4azi2xswl77aBV+J9EfekevyyUKP74Mr2XLAWUxX3wFrKgXl FmEUmNwq/tf938H75gPHdqVcn3Abx7hS1zCfbV9UDVpII6sxswLw5x95mof78MQQ rS13axTd8+/pIJz0jx920O6QciCeGsBUk99amTftsk1wH1Af1pz1cQCxD94I3UQ4 m+PKfvblmDTYGfjwEaGipVWDSA8K8VqjKUweXBGnYl2yXOYwktXvjLVieTXGR0xA SUCUDqh7y/5fhtG/XaO9sVBvpCiN1A47yW+tfJ0Rc8QwJ3+xweJfXag3ejYm7spI LQS4OgdKzVZ2Hj/KnsS1k8bMn9qD30vrtmrlRt6OnrDg4Fx4Xrxddj2zXaxE5IXc DRJT5NP1c6uYFKtXTNqvEECHq8MqFgKr+6sqWTBS4/3gvz6faYD2V3W46m38Azu3 HCNAVDLpoRM= =+PvT -----END PGP SIGNATURE-----