PublicDateAtUSN: 2018-02-15
Candidate: CVE-2018-7053
PublicDate: 2018-02-15 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7053
 https://irssi.org/security/irssi_sa_2018_02.txt
 http://openwall.com/lists/oss-security/2018/02/15/1
 https://ubuntu.com/security/notices/USN-3590-1
Description:
 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There
 is a use-after-free when SASL messages are received in an unexpected order.
Ubuntu-Description:
Notes:
 leosilva> from debian, vulnerable code was introduced in 0.8.18
 leosilva> trusty is not-affected.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_irssi:
 other: https://github.com/irssi/irssi/commit/84f03e01467b90a4251987b32b2813ee976b357c
upstream_irssi: released (1.0.7)
precise/esm_irssi: DNE
trusty_irssi: not-affected (code not present)
trusty/esm_irssi: DNE (trusty was not-affected [code not present])
xenial_irssi: released (0.8.19-1ubuntu1.7)
esm-infra/xenial_irssi: released (0.8.19-1ubuntu1.7)
artful_irssi: released (1.0.4-1ubuntu2.3)
devel_irssi: released (1.0.5-1ubuntu4)