author | Joseph Bisch <joseph.bisch@gmail.com> | 2017-06-06 22:37:34 -0400 |
---|---|---|
committer | Ailin Nemui <ailin@z30a.localdomain> | 2017-06-08 19:04:30 +0200 |
commit | a1173885097328f366e81e8a7ec5e8da4afc05c3 (patch) | |
tree | 07d4bc94a18e5875a67d6c03d7e35939cbdc57f6 | |
parent | ae980fc859d9c895f19a4a9011f5289e7b0a74a4 (diff) | |
download | irssi.github.io-a1173885097328f366e81e8a7ec5e8da4afc05c3.zip |
security: group bugs by advisory
-rw-r--r-- | _data/security.yml | 254 | ||||
-rw-r--r-- | security/index.html | 55 |
2 files changed, 169 insertions, 140 deletions
diff --git a/_data/security.yml b/_data/security.yml
index 39b7326..d4352b8 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -1,135 +1,151 @@
-- name: CVE-2016-7044
- external_links:
- - id: CVE-2016-7044
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044
- - id: IRSSI-SA-2016
- url: https://irssi.org/security/irssi_sa_2016.txt
- exploitable_by: client
- affected_versions: 0.8.17-0.8.19 (with truecolor)
- fixed_version: 0.8.20
+- name: IRSSI-SA-2016
 release_date: 2016-09-14
 git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
- credit: Gabriel Campana and Adrien Guinet from Quarkslab
- description: |
- Remote crash and heap corruption in format parsing code
+ bugs:
+ - name: CVE-2016-7044
+ external_links:
+ - id: CVE-2016-7044
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044
+ - id: IRSSI-SA-2016
+ url: https://irssi.org/security/irssi_sa_2016.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.19 (with truecolor)
+ fixed_version: 0.8.20
+ release_date: 2016-09-14
+ git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
+ credit: Gabriel Campana and Adrien Guinet from Quarkslab
+ description: |
+ Remote crash and heap corruption in format parsing code
 
-- name: CVE-2016-7045
- external_links:
- - id: CVE-2016-7045
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045
- - id: IRSSI-SA-2016
- url: https://irssi.org/security/irssi_sa_2016.txt
- exploitable_by: client
- affected_versions: 0.8.17-0.8.19
- fixed_version: 0.8.20
- release_date: 2016-09-14
- git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
- credit: Gabriel Campana and Adrien Guinet from Quarkslab
- description: |
- Remote crash and heap corruption in format parsing code
+ - name: CVE-2016-7045
+ external_links:
+ - id: CVE-2016-7045
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045
+ - id: IRSSI-SA-2016
+ url: https://irssi.org/security/irssi_sa_2016.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.19
+ fixed_version: 0.8.20
+ release_date: 2016-09-14
+ git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
+ credit: Gabriel Campana and Adrien Guinet from Quarkslab
+ description: |
+ Remote crash and heap corruption in format parsing code
 
-- name: CVE-2016-7553
- external_links:
- - id: CVE-2016-7553
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
- - id: BUF-PL-SA-2016
- url: https://irssi.org/security/buf_pl_sa_2016.txt
- exploitable_by: local users
- affected_versions: "buf.pl *-2.13"
- fixed_version: buf.pl 2.20
+- name: BUF-PL-SA-2016
 release_date: 2016-09-09
- repo: scripts.irssi.org
 git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
- credit: Juerd Waalboer
- description: |
- Information disclosure vulnerability
+ bugs:
+ - name: CVE-2016-7553
+ external_links:
+ - id: CVE-2016-7553
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
+ - id: BUF-PL-SA-2016
+ url: https://irssi.org/security/buf_pl_sa_2016.txt
+ exploitable_by: local users
+ affected_versions: "buf.pl *-2.13"
+ fixed_version: buf.pl 2.20
+ release_date: 2016-09-09
+ repo: scripts.irssi.org
+ git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
+ credit: Juerd Waalboer
+ description: |
+ Information disclosure vulnerability
 
-- name: CVE-2017-5193
- external_links:
- - id: CVE-2017-5193
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
- exploitable_by: server
- affected_versions: "*-0.8.20"
- fixed_version: 0.8.21
+- name: IRSSI-SA-2017-01
 release_date: 2017-01-05
 git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
- credit: Joseph Bisch
- description: |
- NULL pointer dereference in the nickcmp function
+ bugs:
+ - name: CVE-2017-5193
+ external_links:
+ - id: CVE-2017-5193
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Joseph Bisch
+ description: |
+ NULL pointer dereference in the nickcmp function
 
-- name: CVE-2017-5194
- external_links:
- - id: CVE-2017-5194
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
- exploitable_by: server
- affected_versions: "*-0.8.20"
- fixed_version: 0.8.21
- release_date: 2017-01-05
- git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
- credit:
- description: |
- Use after free when receiving invalid nick message
+ - name: CVE-2017-5194
+ external_links:
+ - id: CVE-2017-5194
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit:
+ description: |
+ Use after free when receiving invalid nick message
 
-- name: CVE-2017-5195
- external_links:
- - id: CVE-2017-5195
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
- exploitable_by: client
- affected_versions: 0.8.17-0.8.20
- fixed_version: 0.8.21
- release_date: 2017-01-05
- git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
- credit: Joseph Bisch
- description: |
- Out of bounds read in certain incomplete control codes
+ - name: CVE-2017-5195
+ external_links:
+ - id: CVE-2017-5195
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.20
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Joseph Bisch
+ description: |
+ Out of bounds read in certain incomplete control codes
 
-- name: CVE-2017-5196
- external_links:
- - id: CVE-2017-5196
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
- exploitable_by: server
- affected_versions: 0.8.18-0.8.20
- fixed_version: 0.8.21
- release_date: 2017-01-05
- git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
- credit: Hanno Böck and independently by Joseph Bisch
- description: |
- Out of bounds read in certain incomplete character sequences
+ - name: CVE-2017-5196
+ external_links:
+ - id: CVE-2017-5196
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: 0.8.18-0.8.20
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Hanno Böck and independently by Joseph Bisch
+ description: |
+ Out of bounds read in certain incomplete character sequences
 
-- name: CVE-2017-5356
- external_links:
- - id: CVE-2017-5356
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
- exploitable_by: local formats
- affected_versions: "*-0.8.20"
- fixed_version: 0.8.21
- release_date: 2017-01-05
- git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
- credit: Hanno Böck
- description: |
- Out of bounds read when printing the value %[
+ - name: CVE-2017-5356
+ external_links:
+ - id: CVE-2017-5356
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: local formats
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Hanno Böck
+ description: |
+ Out of bounds read when printing the value %[
 
-- name: CVE-2017-7191
- external_links:
- - id: CVE-2017-7191
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191
- - id: IRSSI-SA-2017-03
- url: https://irssi.org/security/irssi_sa_2017_03.txt
- exploitable_by: server
- affected_versions: "1.0.0-1.0.1"
- fixed_version: 1.0.2
+- name: IRSSI-SA-2017-03
 release_date: 2017-03-10
 git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
- credit: APic
- description: |
- Use after free while producing list of netjoins
+ bugs:
+ - name: CVE-2017-7191
+ external_links:
+ - id: CVE-2017-7191
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191
+ - id: IRSSI-SA-2017-03
+ url: https://irssi.org/security/irssi_sa_2017_03.txt
+ exploitable_by: server
+ affected_versions: "1.0.0-1.0.1"
+ fixed_version: 1.0.2
+ release_date: 2017-03-10
+ git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
+ credit: APic
+ description: |
+ Use after free while producing list of netjoins
diff --git a/security/index.html b/security/index.html
index e370d87..dd66378 100644
--- a/security/index.html
+++ b/security/index.html
@@ -7,34 +7,47 @@ categories: [ _nav ]
 <table class="table">
 <thead>
 <tr class="text-nowrap">
- <th>Release date</th>
 <th>Links</th>
+ <th>Exploitable by</th>
 <th>Affected versions</th>
 <th>Fixed in version</th>
- <th>Exploitable by</th>
- <th>Description</th>
+ <th>Release date</th>
+ <th>Git commit</th>
 <th>Credit</th>
+ <th>Description</th>
 </tr>
 </thead>
 <tbody>
-{% assign items = site.data.security %}
-{% for values in items reversed %}
- <tr>
- <td class="text-nowrap">{{ values.release_date }}</td>
- <td class="text-nowrap">
- {% for link in values.external_links %}
- <div><a href="{{ link.url }}">{{ link.id }}</a></div>
- {% endfor %}
- <div><a href="https://github.com/irssi/{% if values.repo %}{{ values.repo }}{% else %}irssi{% endif %}/commit/{{ values.git_commit }}">git commit (fix)</a></div>
- </td>
- <td>{{ values.affected_versions }}</td>
- <td>
- {{ values.fixed_version }}
- </td>
- <td>{{ values.exploitable_by }}</td>
- <td>{{ values.description }}</td>
- <td>{{ values.credit }}</td>
- </tr>
+{% assign advisories = site.data.security %}
+{% for advisory in advisories reversed %}
+ <tr>
+ <td>{{ advisory.name }}</td>
+ <td></td>
+ <td></td>
+ <td></td>
+ <td>{{ advisory.release_date }}</td>
+ <td><a href="https://github.com/irssi/{% if advisory.repo %}{{ advisory.repo }}{% else %}irssi{% endif %}/commit/{{ advisory.git_commit }}">{{ advisory.git_commit | truncate: 8, "" }}</a></td>
+ <td></td>
+ <td></td>
+ </tr>
+ {% for bug in advisory.bugs %}
+ <tr>
+ <td class="text-nowrap">
+ {% for link in bug.external_links %}
+ <div><a href="{{ link.url }}">{{ link.id }}</a></div>
+ {% endfor %}
+ </td>
+ <td>{{ bug.exploitable_by }}</td>
+ <td>{{ bug.affected_versions }}</td>
+ <td>
+ {{ bug.fixed_version }}
+ </td>
+ <td></td>
+ <td></td>
+ <td>{{ bug.credit }}</td>
+ <td>{{ bug.description }}</td>
+ </tr>
+ {% endfor %}
 {% endfor %}
 </tbody>
 </table> |
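Review bot: The fix-commit link in the advisory row still branches on `{% if advisory.repo %}`, but in `_data/security.yml` this commit removes `repo: scripts.irssi.org` from the top level of BUF-PL-SA-2016 and re-adds it under the CVE-2016-7553 bug (as far as the flattened indentation shows), so the `{% else %}irssi` branch is taken and that advisory's link points into the irssi repository instead of scripts.irssi.org. On a security page this leaves readers without a working pointer to the actual fix for buf.pl. Either keep `repo: scripts.irssi.org` on the advisory entry next to `git_commit`, where the template reads it, or drop the per-bug `release_date`/`git_commit`/`repo` copies that the new template never reads, so the advisory level remains the single source and cannot drift.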