advisories/20045.adv

type: security
subject: Updated irssi-otr packages fix security vulnerability
src:
  5:
   core:
     - irssi-otr-1.0.2-1.mga5
description: |
  It was discovered that irssi-otr had a flaw in handing data returned by
  libotr. After the initiation of the OTR session only the first line was
  sent as a PRIVMSG, while additional data would be sent as raw commands
  to the IRC server. The additional data would ordinarily be a
  human-readable HTML-formatted instruction message from libotr, a fixed
  string. However this is a minor security concern and the remediation
  avoids further security issues.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20045
 - https://lists.opensuse.org/opensuse-updates/2016-12/msg00157.html
ID: MGASA-2017-0043
1	type: security
2	subject: Updated irssi-otr packages fix security vulnerability
3	src:
4	5:
5	core:
6	- irssi-otr-1.0.2-1.mga5
7	description: \|
8	It was discovered that irssi-otr had a flaw in handing data returned by
9	libotr. After the initiation of the OTR session only the first line was
10	sent as a PRIVMSG, while additional data would be sent as raw commands
11	to the IRC server. The additional data would ordinarily be a
12	human-readable HTML-formatted instruction message from libotr, a fixed
13	string. However this is a minor security concern and the remediation
14	avoids further security issues.
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=20045
17	- https://lists.opensuse.org/opensuse-updates/2016-12/msg00157.html
18	ID: MGASA-2017-0043