author | Ailin Nemui <ailin@z30a.localdomain> | 2017-06-09 11:21:49 +0200 |
---|---|---|
committer | Ailin Nemui <ailin@z30a.localdomain> | 2017-06-09 11:21:49 +0200 |
commit | a29ad0fceae2fd65bbb09881cdcb3092f763fbdc (patch) | |
tree | 32111113958f4e2912b6bccafb3b1ead5229ffc1 | |
parent | 401abd7f03ae48a0465eb30f069e065667f0e7c3 (diff) | |
document how to use the security.yml
-rw-r--r-- | _data/security.yml | 55 | ||||
-rw-r--r-- | security/index.html | 8 |
2 files changed, 42 insertions, 21 deletions
diff --git a/_data/security.yml b/_data/security.yml
index f229a7c..bf7f51f 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -1,4 +1,41 @@
 ---
+# -
+# name: Name of the bug group / security advisory, ex: IRSSI-SA-2099-01
+# link: link to the advisory, ex: http://www.openwall.com/xxx (optional)
+# affected_note: Some additional info for the Versions column, ex: script.pl if group affects only a single script (optional)
+# release_date: date of release in YYYY-mm-dd format, ex: 2099-01-02
+# repo: repository for the git commit, ex: scripts.irssi.org (optional, defaults to irssi)
+# git_commit: git commit for the whole advisory (optional)
+# # List of bugs
+# bugs:
+# -
+# cve: CVE of bug, ex: CVE-2099-0999 (optional)
+# name: name for the bug (in reference to the group), ex: (a) (optional)
+# link: link to more information about the bug (optional)
+# important: when True, will highlight the row in yellow (optional)
+# # additional external links to display in the first column (optional)
+# external_links:
+# -
+# id: text for the link
+# url: href for the link
+# -
+# # add more links here...
+# exploitable_by: one of server/client/local/formats/local (remote)/remote
+# affected_note_top: some remark to show on a row before the versions (optional)
+# # which versions are affected
+# affected_versions:
+# from: first version affected
+# to: last version affected
+# affected_note_bottom: some remarks to show below the versions, ex: only with compile flags xxx
+# fixed_version: first version with the fix
+# repo: repository for the git commit, ex: scripts.irssi.org (optional, defaults to irssi)
+# git_commit: git commit of the individual bug fix (optional)
+# credit: whom to credit for the discovery
+# description: Content of the description column
+# -
+# # add the next bug here...
+# -
+# # Add the next bug group / security advisory here...
 -
 name: Historic
 bugs:
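Review bot: The schema comment added at the top of `_data/security.yml` lists `from` and `to` under `affected_versions` as if both were required, while the later hunks of this same commit delete `from: '*'` and the duplicated `to:` from the data and `security/index.html` is changed to fill the gaps. State the defaults where editors will read them, for example `# from: first version affected (optional, shown as * when omitted)` and `# to: last version affected (optional, leave out when only the from version is affected)`. The `exploitable_by` line also leaves out the `'-'` value that the existing `(b)` entry uses. On an advisory table a wrong guess about these defaults publishes a wrong affected range, so the comment is worth making exact.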
@@ -6,7 +43,6 @@
 cve: CVE-2002-0983
 exploitable_by: client
 affected_versions:
- from: '*'
 to: 0.8.4
 fixed_version: 0.8.6
 git_commit: b9b0917897bd3b78d105c3229deb390daa204cdd
@@ -19,7 +55,6 @@
 important: True
 affected_versions:
 from: 0.8.4
- to: 0.8.4
 affected_note_bottom: 'downloaded after 2002-03-14'
 description: |
 The download server was compromised and the download was backdoored, which allows remote attackers to access the system. Always check the GPG signature!
@@ -31,7 +66,6 @@
 cve: CVE-2003-1020
 exploitable_by: client
 affected_versions:
- from: '*'
 to: 0.8.8
 fixed_version: 0.8.9
 git_commit: ae7f177fb0ac0732239d3ff1b8dd208a31a7354d
@@ -47,7 +81,6 @@
 exploitable_by: client
 affected_versions:
 from: 0.8.9+
- to: 0.8.9+
 fixed_version: 0.8.10
 git_commit: 6d42a00287ff144c5c597b5da158961e0c22847d
 description: |
@@ -60,7 +93,6 @@
 cve: CVE-2007-4396
 exploitable_by: local (remote)
 affected_versions:
- from: '*'
 to: 0.8.10
 fixed_version: 0.8.11
 git_commit: f0fb4c19d45e25fddee76e7c442b1e900666cd0c
@@ -75,7 +107,6 @@
 cve: CVE-2009-1959
 exploitable_by: client
 affected_versions:
- from: '*'
 to: 0.8.13
 fixed_version: 0.8.14
 git_commit: 1f9c560a7408bf5550e030b5ac0c07dad5435eb1
@@ -89,7 +120,6 @@
 -
 cve: CVE-2010-1155
 affected_versions:
- from: '*'
 to: 0.8.14
 fixed_version: 0.8.15
 git_commit: bb4ce4562bd04eeb24a5953dd8da5c843c04e328
@@ -99,7 +129,6 @@
 cve: CVE-2010-1156
 exploitable_by: client
 affected_versions:
- from: '*'
 to: 0.8.14
 fixed_version: 0.8.15
 git_commit: 1aa10ece887afd5d64eca1211aeced6cab310680
@@ -143,7 +172,6 @@
 cve: CVE-2016-7553
 exploitable_by: local
 affected_versions:
- from: '*'
 to: '2.13'
 fixed_version: '2.20'
 credit: 'Juerd Waalboer'
@@ -157,7 +185,6 @@
 cve: CVE-2017-5193
 exploitable_by: server
 affected_versions:
- from: '*'
 to: 0.8.20
 fixed_version: 0.8.21
 credit: 'Joseph Bisch'
@@ -166,7 +193,6 @@
 cve: CVE-2017-5194
 exploitable_by: server
 affected_versions:
- from: '*'
 to: 0.8.20
 fixed_version: 0.8.21
 credit: ~
@@ -175,7 +201,6 @@
 cve: CVE-2017-5356
 exploitable_by: formats
 affected_versions:
- from: '*'
 to: 0.8.20
 fixed_version: 0.8.21
 credit: 'Hanno Böck'
@@ -208,7 +233,6 @@
 exploitable_by: server
 affected_versions:
 from: 1.0.0
- to: 1.0.0
 fixed_version: 1.0.1
 credit: 'Joseph Bisch'
 description: 'Memory leak in some cases where a hostile server would send certain incomplete SASL replies'
@@ -217,7 +241,6 @@
 name: '(b)'
 exploitable_by: '-'
 affected_versions:
- from: '*'
 to: 1.0.0
 fixed_version: 1.0.1
 credit: 'Hanno Böck'
@@ -247,7 +270,6 @@
 cve: CVE-2017-9468
 exploitable_by: server
 affected_versions:
- from: '*'
 to: 1.0.2
 fixed_version: 1.0.3
 credit: 'Joseph Bisch'
@@ -256,8 +278,7 @@
 cve: CVE-2017-9469
 exploitable_by: client
 affected_versions:
- from: '*'
 to: 1.0.2
 fixed_version: 1.0.3
 credit: 'Joseph Bisch'
- description: 'Out of bounds read when parsing incorrectly quoted DCC files'
\ No newline at end of file
+ description: 'Out of bounds read when parsing incorrectly quoted DCC files'
diff --git a/security/index.html b/security/index.html
index 8c85029..e48251c 100644
--- a/security/index.html
+++ b/security/index.html
@@ -42,8 +42,8 @@ categories: [ _nav ]
 </td>
 <td rowspan="3">{{ bug.exploitable_by }}</td>
 {% if bug.affected_note_top %}<td class="has-next-row" colspan="4">{{ bug.affected_note_top }}</td>{% else %}
- <td class="has-next-row">{{ bug.affected_versions.from }}</td>
- <td class="has-next-row">–</td>
+ <td class="has-next-row">{% if bug.affected_versions.from %}{{ bug.affected_versions.from }}{% else %}*{% endif %}</td>
+ <td class="has-next-row">{% if bug.affected_versions.to %}–{% endif %}</td>
 <td class="has-next-row">{{ bug.affected_versions.to }}</td>
 <td class="has-next-row">
 {% if bug.git_commit %}<a href="https://github.com/irssi/{% if bug.repo %}{{ bug.repo }}{% else %}irssi{% endif %}/commit/{{ bug.git_commit }}">{{ bug.fixed_version }}</a>{% else %}{{ bug.fixed_version }}{% endif %}
@@ -55,8 +55,8 @@ categories: [ _nav ]
 </tr>
 <tr{% if bug.important %} class="warning"{% endif %}>
 {% if bug.affected_note_top %}
- <td class="has-next-row has-previous-row">{{ bug.affected_versions.from }}</td>
- <td class="has-next-row has-previous-row">–</td>
+ <td class="has-next-row has-previous-row">{% if bug.affected_versions.from %}{{ bug.affected_versions.from }}{% else %}*{% endif %}</td>
+ <td class="has-next-row has-previous-row">{% if bug.affected_versions.to %}–{% endif %}</td>
 <td class="has-next-row has-previous-row">{{ bug.affected_versions.to }}</td>
 <td class="has-next-row has-previous-row">
 {% if bug.git_commit %}<a href="https://github.com/irssi/{% if bug.repo %}{{ bug.repo }}{% else %}irssi{% endif %}/commit/{{ bug.git_commit }}">{{ bug.fixed_version }}</a>{% else %}{{ bug.fixed_version }}{% endif %} |
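Review bot: With the dash cell now conditional on `bug.affected_versions.to`, an entry whose `to` key is missing or misspelled renders as a single affected version instead of the dangling dash that used to give the gap away, so the advisory table can under-report an affected range with no visible sign; this applies to the `has-next-row` cells in the first hunk and the `has-previous-row` cells in the second. A missing `from` likewise becomes `*` without notice. Since the fallbacks are intentional, I would record them next to the cells with `{% comment %}no "from": shown as *; no "to": only the "from" version is affected{% endcomment %}` and have review of `_data/security.yml` changes confirm that every bug defines at least one of the two keys. The `from` cell can also be written as `{{ bug.affected_versions.from | default: '*' }}`, which avoids repeating the if/else in both rows. Both table rows start and end outside the hunks.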