Branch sisyphus update bulletin.

Package weechat updated to version 2.8-alt1 for branch sisyphus in task 249653.

Published: 2020-02-13
Modified: 2024-11-21

CVE-2020-8955

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-03-23
Modified: 2024-11-21

CVE-2020-9760

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package fence-agents updated to version 4.3.3-alt2 for branch sisyphus in task 249667.

По умолчанию ищет программу в /sbin/sbd, а должен - /usr/sbin/sbd

Package itop updated to version 2.6.3-alt1 for branch sisyphus in task 249700.

Published: 2020-03-16
Modified: 2024-11-21

CVE-2019-19821

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions : 2.5.4, 2.6.3, 2.7.0

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References:

Version: 2.1.0

Branch sisyphus update on 2020-04-10

ALT-BU-2020-3754-1

ALT-PU-2020-1694-1

Closed vulnerabilities

CVE-2020-8955

CVE-2020-9760

ALT-PU-2020-1695-1

Closed bugs

Bug #38343

ALT-PU-2020-1700-1

Closed vulnerabilities

CVE-2019-19821