From Mageia wiki
Jump to: navigation, search

MGASA-2012-0347

Date: November 30th, 2012
Affected releases: 1, 2


Description:
Updated weechat packages fix security vulnerability:

Untrusted command for function hook_process in WeeChat before 0.3.9.2
could lead to execution of commands, because of shell expansions
(so the problem is only caused by some scripts, not by WeeChat itself)
(CVE-2012-5534).


Updated Packages:
Mageia 1:
weechat-0.3.0-1.1.mga1
weechat-aspell-0.3.0-1.1.mga1
weechat-charset-0.3.0-1.1.mga1
weechat-devel-0.3.0-1.1.mga1
weechat-lua-0.3.0-1.1.mga1
weechat-perl-0.3.0-1.1.mga1
weechat-python-0.3.0-1.1.mga1
weechat-ruby-0.3.0-1.1.mga1
weechat-tcl-0.3.0-1.1.mga1

Mageia 2:
weechat-0.3.6-3.2.mga2
weechat-aspell-0.3.6-3.2.mga2
weechat-charset-0.3.6-3.2.mga2
weechat-devel-0.3.6-3.2.mga2
weechat-lua-0.3.6-3.2.mga2
weechat-perl-0.3.6-3.2.mga2
weechat-python-0.3.6-3.2.mga2
weechat-ruby-0.3.6-3.2.mga2
weechat-tcl-0.3.6-3.2.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5534
https://savannah.nongnu.org/bugs/?37764
http://www.weechat.org/security/
http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html
https://bugs.mageia.org/show_bug.cgi?id=8235