Updated irssi-otr packages fix security vulnerability
Publication date: 07 Feb 2017Modification date: 07 Feb 2017
Type: security
Affected Mageia releases : 5
Description
It was discovered that irssi-otr had a flaw in handing data returned by
libotr. After the initiation of the OTR session only the first line was
sent as a PRIVMSG, while additional data would be sent as raw commands
to the IRC server. The additional data would ordinarily be a
human-readable HTML-formatted instruction message from libotr, a fixed
string. However this is a minor security concern and the remediation
avoids further security issues.
References
SRPMS
5/core
- irssi-otr-1.0.2-1.mga5