Mandriva Linux Security Advisory : weechat (MDVSA-2013:136)
High Nessus Plugin ID 66148
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
Updated weechat packages fix security vulnerabilities:
A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem (CVE-2012-5854).
An untrusted command passed to the hook_process function in WeeChat before 0.3.9.2 could lead to execution of commands because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself) (CVE-2012-5534).
Solution
Update the affected packages.
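
For script authors auditing their own code against the CVE-2012-5534 pattern, the following added example (not part of the advisory and not WeeChat code) shows why shell expansion matters when untrusted text ends up in a command. It assumes Python's `subprocess` with `shell=True` as a stand-in for a shell-based command launch; the function names and the sample input are hypothetical.

```python
import shlex
import subprocess

# Constructed sample input: text a script might take from an IRC message.
# The $(...) part is a harmless marker that shows whether a shell evaluated it.
UNTRUSTED = "http://example.invalid/$(echo EXPANDED)"


def _run(cmd, use_shell):
    """Run cmd and return its stdout with the trailing newline removed."""
    done = subprocess.run(cmd, shell=use_shell, capture_output=True,
                          text=True, check=True)
    return done.stdout.rstrip("\n")


def run_unsafe(value):
    """'Before' pattern: untrusted text pasted into a shell command line."""
    # /bin/sh parses the whole string, so $(...) inside value is executed.
    return _run(f"echo {value}", use_shell=True)


def run_quoted(value):
    """Mitigation when a command string is unavoidable: quote the value."""
    # shlex.quote wraps the value in single quotes, so the shell sees a literal.
    return _run(f"echo {shlex.quote(value)}", use_shell=True)


def run_argv(value):
    """Preferred: no shell at all; value is one literal argv element."""
    return _run(["echo", value], use_shell=False)


if __name__ == "__main__":
    for fn in (run_unsafe, run_quoted, run_argv):
        print(f"{fn.__name__:10} -> {fn(UNTRUSTED)}")
```

Only the first variant lets the shell evaluate the embedded substitution; the quoted and argv variants return the input unchanged.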