1 |
type: security |
2 |
subject: Updated weechat packages fix security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2020-9759 |
5 |
- CVE-2020-9760 |
6 |
src: |
7 |
7: |
8 |
core: |
9 |
- weechat-2.7.1-1.mga7 |
10 |
description: | |
11 |
Updated weechat packages fix security vulnerabilities: |
12 |
|
13 |
An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are |
14 |
affected). A malformed message 352 (who) can cause a NULL pointer |
15 |
dereference in the callback function, resulting in a crash |
16 |
(CVE-2020-9759). |
17 |
|
18 |
An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are |
19 |
affected). When a new IRC message 005 is received with longer nick |
20 |
prefixes, a buffer overflow and possibly a crash can happen when a |
21 |
new mode is set for a nick (CVE-2020-9760). |
22 |
references: |
23 |
- https://bugs.mageia.org/show_bug.cgi?id=26400 |
24 |
- https://www.debian.org/lts/security/2020/dla-2157 |
25 |
ID: MGASA-2020-0153 |