On Sat, Apr 01, 2023 at 10:36:56AM +0200, Salvatore Bonaccorso wrote:
> Source: irssi
> Version: 1.4.3-1
> Severity: grave
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
>
> Hi,
>
> The following vulnerability was published for irssi.
>
> CVE-2023-29132[0]:
> | Irssi SA-2023-03 / Use after free in printing routine

Just to be clear, the following are mitigating facts:

The precondition for this issue is printing a non-formatted line during the printing of a formatted line. This is unlikely to happen without scripts, and is obscured by the slice allocator when using GLib before version 2.77.

*but* I still filed it for now as RC, as the fix is very isolated, and good to be included in bookworm already.

Regards,
Salvatore