Package name
weechat
Date
2013-04-10
Advisory ID
MDVSA-2013:136
Affected versions
MBS1 x86_64

Problem description

Updated weechat packages fix security vulnerabilities:

A buffer overflow causes a crash or freeze of WeeChat (0.36 to
0.39) when decoding IRC colors in strings. The packages have been
patched to fix this problem (CVE-2012-5854).

Passing an untrusted command to the function hook_process in WeeChat
before 0.3.9.2 could lead to execution of commands because of shell
expansions (so the problem is only caused by some scripts, not by
WeeChat itself) (CVE-2012-5534).
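
The shell-expansion behaviour described above, shown as an added example that is not WeeChat's code or part of the original advisory. It uses Python's subprocess module as a stand-in for hook_process (the weechat module is only available inside WeeChat); the function names, the sample string and the metacharacter list are assumptions made for illustration.

```python
import re
import shlex
import subprocess

# Constructed sample: text a script might copy out of an IRC message.
UNTRUSTED = "http://example.invalid/$(echo EXPANDED)"

# Characters a POSIX shell interprets (expansion, chaining, redirection, globbing).
SHELL_META = re.compile(r"[$`;&|<>(){}\\'\"*?~!#\s]")


def run(cmd, shell):
    """Run cmd and return its stdout without the trailing newline."""
    done = subprocess.run(cmd, shell=shell, capture_output=True, text=True, check=True)
    return done.stdout.rstrip("\n")


def via_shell(arg):
    """Pattern behind CVE-2012-5534: untrusted text pasted into a shell command line."""
    return run("echo " + arg, shell=True)


def via_shell_quoted(arg):
    """Still a shell, but the argument is quoted so nothing in it is expanded."""
    return run("echo " + shlex.quote(arg), shell=True)


def via_argv(arg):
    """No shell at all: the argument reaches the program unchanged."""
    return run(["echo", arg], shell=False)


def needs_review(arg):
    """True when arg contains a character the shell would interpret."""
    return SHELL_META.search(arg) is not None


if __name__ == "__main__":
    print("shell:       ", via_shell(UNTRUSTED))
    print("shell+quote: ", via_shell_quoted(UNTRUSTED))
    print("argv:        ", via_argv(UNTRUSTED))
    print("needs review:", needs_review(UNTRUSTED))
```

Only the first variant lets the shell rewrite the argument; when auditing scripts, any command string assembled from message text and handed to a shell is the pattern to look for.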

Updated packages

MBS1 x86_64

 29cd0165dfd3f68cbd329e08b1b513fe  mbs1/x86_64/weechat-0.3.6-4.1.mbs1.x86_64.rpm
 98b3e8a25ad514e848e15f4744e8ac87  mbs1/x86_64/weechat-aspell-0.3.6-4.1.mbs1.x86_64.rpm
 3d597e868297a42d0fb6f9e147997a10  mbs1/x86_64/weechat-charset-0.3.6-4.1.mbs1.x86_64.rpm
 5c3fa0e35821e150b9fa50ce865b5ee3  mbs1/x86_64/weechat-devel-0.3.6-4.1.mbs1.x86_64.rpm
 e3650996e7346c18c2cd696d64ab7e58  mbs1/x86_64/weechat-lua-0.3.6-4.1.mbs1.x86_64.rpm
 a90663aa7db4af600c85a65646bfc8e4  mbs1/x86_64/weechat-perl-0.3.6-4.1.mbs1.x86_64.rpm
 f8812edd47ce004d2c52b8710bc5c36b  mbs1/x86_64/weechat-python-0.3.6-4.1.mbs1.x86_64.rpm
 a68490edca15eead4f90f6e83bbfc425  mbs1/x86_64/weechat-ruby-0.3.6-4.1.mbs1.x86_64.rpm
 392f30dbeeea04fb69bf91c2b29de426  mbs1/x86_64/weechat-tcl-0.3.6-4.1.mbs1.x86_64.rpm 
 ca70e70c8bd18b291dfb6eca55f6fa03  mbs1/SRPMS/weechat-0.3.6-4.1.mbs1.src.rpm

References