7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
An update that fixes one vulnerability is now available.
Description:
This update for weechat fixes the following issues:
update to 3.2.1:
update to 3.2
main changes:
* use XDG directories by default (config, data, cache, runtime)
* add support of IRC SASL mechanisms SCRAM-SHA-1, SCRAM-SHA-256 and
SCRAM-SHA-512
* automatically load system certificates without giving a hardcoded path
to the file with certificates
* add options to customize commands executed on system signals received
(SIGHUP, SIGQUIT, SIGTERM, SIGUSR1, SIGUSR2)
* add bar item "tls_version" and buflist format
* add signals "cursor_start" and "cursor_end"
* add function crypto_hmac in API
* add translated string in evaluation of expressions with "translate:xxx"
* add info "weechat_daemon"
* add Python stub for WeeChat API
* add variables "${tg_shell_argc}" and "${tg_shell_argvN}" in command
trigger evaluated strings
* many bugs fixed.
for all changes, please visit:
https://weechat.org/files/changelog/ChangeLog-3.2.html
update to 3.1
New features
* core: add options weechat.look.hotlist_update_on_buffer_switch and
weechat.look.read_marker_update_on_buffer_switch (issue #992, issue
#993)
* core: add option sec.crypt.passphrase_command to read passphrase from
an external program on startup, remove option
sec.crypt.passphrase_file (issue #141)
* core: improve debug in command /eval: display more verbose debug with
two "-d", add indentation and colors
* core: add options "setvar" and "delvar" in command /buffer, rename
option "localvar" to "listvar"
* core: add buffer local variable "completion_default_template"
(evaluated) to override the value of option
"weechat.completion.default_template" (issue #1600)
* core: add option "recreate" in command /filter
* core: add raw string in evaluation of expressions with "raw:xxx"
(issue #1611)
* core: add evaluation of conditions in evaluation of expressions with
"eval_cond:xxx" (issue #1582)
* api: add info_hashtable "secured_data"
* irc: add info "irc_is_message_ignored"
* irc: add server option "default_chantypes", used when the server does
not send them in message 005 (issue #1610)
* trigger: add variable "${tg_trigger_name}" in command trigger
evaluated strings (issue #1580)
Bug fixes
Documentation
update to 3.0.1:
* exec: fix search of command by identifier
* spell: fix refresh of bar item "spell_suggest" when the input becomes
empty (issue #1586)
* spell: fix crash with IRC color codes in command line (issue #1589)
update to 3.0
New features
* api: add optional list of colors in infos "nick_color" and
"nick_color_name" (issue #1565)
* api: add argument "bytes" in function string_dyn_concat
* api: add function string_color_code_size (issue #1547)
* exec: add option "-oerr" to send stderr to buffer (now disabled by
default) (issue #1566)
* fset: add option fset.look.auto_refresh (issue #1553)
* irc: add pointer to irc_nick in focus of bar item "buffer_nicklist"
(issue #1535, issue #1538)
* irc: allow to send text on buffers with commands /allchan, /allpv and
/allserv
* irc: evaluate command executed by commands /allchan, /allpv and
/allserv (issue #1536)
* script: add option script.scripts.download_enabled (issue #1548)
* trigger: add variable "tg_argc" in data set by command trigger (issue
#1576)
* trigger: add variable "tg_trigger_name" in data set by all triggers
(issue #1567, issue #1568)
Bug fixes
* core: set "notify_level" to 3 if there is a highlight in the line
(issue #1529)
* core: do not add line with highlight and tag "notify_none" to hotlist
(issue #1529)
* irc: remove SASL timeout message displayed by error after successful
SASL authentication (issue #1515)
* irc: send all channels in a single JOIN command when reconnecting to
the server (issue #1551)
* script: do not automatically download list of scripts on startup if
the file is too old (issue #1548)
* spell: properly skip WeeChat and IRC color codes when checking words
in input (issue #1547)
* trigger: fix recursive calls to triggers using regex (issue #1546)
* trigger: add ${tg_tags} !!- ,notify_none, in conditions of default
trigger "beep" (issue #1529)
Tests
Build
new .desktop file from weechat sources
update to 2.9
New features
Bug fixes
Documentation
Tests
Build
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-83=1
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P