ASA-201703-17 generated external raw

[ASA-201703-17] irssi: arbitrary code execution
Arch Linux Security Advisory ASA-201703-17 ========================================== Severity: High Date : 2017-03-21 CVE-ID : CVE-2017-7191 Package : irssi Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-224 Summary ======= The package irssi before version 1.0.2-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 1.0.2-1. # pacman -Syu "irssi>=1.0.2-1" The problem has been fixed upstream in version 1.0.2. Workaround ========== None. Description =========== A use after free vulnerability has been discovered in irssi < 1.0.2 while producing a list of netjoins that can result in arbitrary code execution. Impact ====== A malicious attacker is able to crash the irssi process or execute arbitrary code on the host by forcing a server disconnection during a netsplit. References ========== https://irssi.org/security/irssi_sa_2017_03.txt https://security.archlinux.org/CVE-2017-7191