{"affected":[{"ecosystem_specific":{"binaries":[{"irssi":"0.8.20-9.1","irssi-devel":"0.8.20-9.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"irssi","purl":"pkg:rpm/suse/irssi&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.8.20-9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"The IRC client irssi was updated to 0.8.20, fixing various bugs and security issues.\n\n* CVE-2016-7044: The unformat_24bit_color function in the format parsing\n  code in Irssi, when compiled with true-color enabled, allowed remote\n  attackers to cause a denial of service (heap corruption and crash)\n  via an incomplete 24bit color code.\n* CVE-2016-7045: The format_send_to_gui function in the format parsing\n  code in Irssi allowed remote attackers to cause a denial of service\n  (heap corruption and crash) via vectors involving the length of a string.\n\nSee https://irssi.org/security/irssi_sa_2016.txt for more details.\n\n* CVE-2016-7553: A information disclosure vulnerability in irssi buf.pl\n\nSee https://irssi.org/2016/09/22/buf.pl-update/ for more information.\n  ","id":"openSUSE-SU-2016:2524-1","modified":"2016-10-07T13:29:02Z","published":"2016-10-07T13:29:02Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1001215"},{"type":"REPORT","url":"https://bugzilla.suse.com/999199"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7044"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7045"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7553"}],"related":["CVE-2016-7044","CVE-2016-7045","CVE-2016-7553"],"summary":"Security update for irssi","upstream":["CVE-2016-7044","CVE-2016-7045","CVE-2016-7553"]}