Candidate: CVE-2017-7191
PublicDate: 2017-03-27 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191
 https://irssi.org/security/irssi_sa_2017_03.txt
Description:
 The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause
 a denial of service (use-after-free) and possibly execute arbitrary code
 via unspecified vectors.
Ubuntu-Description:
Notes:
 mdeslaur> 0.8.21 and prior are not affected as per upstream
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857502
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_irssi:
 upstream: https://github.com/irssi/irssi/commit/77b2631c78461965bc9a7414aae206b5c514e1b3
upstream_irssi: released (1.0.2-1)
precise_irssi: not-affected (0.8.15-4ubuntu3.1)
trusty_irssi: not-affected (0.8.15-5ubuntu3.1)
trusty/esm_irssi: DNE (trusty was not-affected [0.8.15-5ubuntu3.1])
vivid/stable-phone-overlay_irssi: DNE
vivid/ubuntu-core_irssi: DNE
xenial_irssi: not-affected (0.8.19-1ubuntu1.3)
esm-infra/xenial_irssi: not-affected (0.8.19-1ubuntu1.3)
yakkety_irssi: not-affected (0.8.19-1ubuntu2.1)
devel_irssi: not-affected (0.8.20-2ubuntu2)