1 |
type: security |
2 |
subject: Updated irssi-otr packages fix security vulnerability |
3 |
src: |
4 |
5: |
5 |
core: |
6 |
- irssi-otr-1.0.2-1.mga5 |
7 |
description: | |
8 |
It was discovered that irssi-otr had a flaw in handing data returned by |
9 |
libotr. After the initiation of the OTR session only the first line was |
10 |
sent as a PRIVMSG, while additional data would be sent as raw commands |
11 |
to the IRC server. The additional data would ordinarily be a |
12 |
human-readable HTML-formatted instruction message from libotr, a fixed |
13 |
string. However this is a minor security concern and the remediation |
14 |
avoids further security issues. |
15 |
references: |
16 |
- https://bugs.mageia.org/show_bug.cgi?id=20045 |
17 |
- https://lists.opensuse.org/opensuse-updates/2016-12/msg00157.html |
18 |
ID: MGASA-2017-0043 |