PublicDateAtUSN: 2016-09-27
Candidate: CVE-2016-7553
PublicDate: 2017-02-27 22:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
 https://irssi.org/2016/09/22/buf.pl-update/
 http://www.openwall.com/lists/oss-security/2016/09/24/1
 https://irssi.org/security/buf_pl_sa_2016.txt
 https://ubuntu.com/security/notices/USN-3184-1
Description:
 The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions
 for the scrollbuffer dump file created between upgrades, which might allow
 local users to obtain sensitive information from private chat conversations
 by reading the file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838762
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [3.3 LOW]

Patches_irssi:
 upstream: https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
upstream_irssi: released (0.8.20-2)
precise_irssi: released (0.8.15-4ubuntu3.1)
trusty_irssi: released (0.8.15-5ubuntu3.1)
trusty/esm_irssi: DNE (trusty was released [0.8.15-5ubuntu3.1])
vivid/stable-phone-overlay_irssi: DNE
vivid/ubuntu-core_irssi: DNE
xenial_irssi: released (0.8.19-1ubuntu1.3)
esm-infra/xenial_irssi: released (0.8.19-1ubuntu1.3)
yakkety_irssi: released (0.8.19-1ubuntu2.1)
devel_irssi: not-affected (0.8.20-2ubuntu1)