Hi, recently I've noticed that irssi-plugin-silc does not work with the irssi in Lenny. The problem is that it segfaults when used with the irssi version in Lenny. There is also a bug report for this on [1]. Because a group of people, which I'm part of, wanted to migrate from an IRC channel to SILC we noticed this and investigated further. The person who worked on this noticed that the source package of irssi-plugin-silc uses an embedded code copy of irssi 0.8.11, which is used to build the irssi plugin. Unfortunately the code where the segfault appearently happens has been changed in more recent irssi versions, so the segfault is... understandable. So we basically have two problems, where one is one that the security team should be aware of it (I don't know if they are, so I CC'ed you). 1. Segmentation faults when using irssi-plugin-silc in Lenny (which basically makes it release _unsuitable_) 2. Code copy of irssi 0.8.11 in silc-client-1.1.4 source package (apps/irssi) [relevant for sec. team] Well, the patch is obvious. Fix the plugin to work against the version in lenny. There has been some work done over in OpenBSD, one should look at this [2] when fixing it. Now remaining is the question: What should happen? In my opinion the SILC team should either coordinate a fix with the release team quickly or the package should be RM'd. Best Regards, Patrick [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522080 [2] http://openports.se/net/irssi-silc
Attachment:
signature.asc
Description: Digital signature