Release Irssi 1.0.6

5 files changed, 147 insertions, 2 deletions

diff --git a/_data/sb_whatsnew.yml b/_data/sb_whatsnew.yml
index 37e04f7..41ec6dc 100644
--- a/_data/sb_whatsnew.yml
+++ b/_data/sb_whatsnew.yml
@@ -1,5 +1,5 @@
 -
-  key: irssi-1.0.5-released
+  key: irssi-1.0.6-released
   tag: Security
 -
   key: fuzzing-irssi
diff --git a/_data/security.yml b/_data/security.yml
index e16eb67..49671b0 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -321,3 +321,39 @@
       fixed_version: 1.0.5
       credit: 'Joseph Bisch'
       description: 'Read beyond end of buffer may occur if a Safe channel ID is not long enough'
+-
+  name: IRSSI-SA-2018-01
+  release_date: 2018-01-07
+  bugs:
+    -
+      cve: CVE-2018-5206
+      exploitable_by: server
+      affected_versions:
+        to: 1.0.5
+      fixed_version: 1.0.6
+      credit: 'Joseph Bisch'
+      description: 'When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer.'
+    -
+      cve: CVE-2018-5205
+      exploitable_by: formats
+      affected_versions:
+        to: 1.0.5
+      fixed_version: 1.0.6
+      credit: 'Joseph Bisch'
+      description: 'When using incomplete escape codes, Irssi may access data beyond the end of the string.'
+    -
+      cve: CVE-2018-5208
+      exploitable_by: server
+      affected_versions:
+        to: 1.0.5
+      fixed_version: 1.0.6
+      credit: 'Joseph Bisch'
+      description: 'A calculation error in the completion code could cause a heap buffer overflow when completing certain strings.'
+    -
+      cve: CVE-2018-5207
+      exploitable_by: formats
+      affected_versions:
+        to: 1.0.5
+      fixed_version: 1.0.6
+      credit: 'Joseph Bisch'
+      description: 'When using an incomplete variable argument, Irssi may access data beyond the end of the string.'
diff --git a/_posts/2018-01-07-irssi-1.0.6-released.markdown b/_posts/2018-01-07-irssi-1.0.6-released.markdown
new file mode 100644
index 0000000..7f903ec
--- /dev/null
+++ b/_posts/2018-01-07-irssi-1.0.6-released.markdown
@@ -0,0 +1,31 @@
+---
+layout: post
+title: "Irssi 1.0.6 Released"
+---
+
+Happy new year from the Irssi Team!
+
+Irssi 1.0.6 has been released. This release fixes a few security
+issues in Irssi as well as a few bugs. There are no new
+features. **All Irssi users should upgrade to this version**. See the
+[NEWS](//raw.githubusercontent.com/irssi/irssi/1.0.6/NEWS) for
+details.
+
+Most issues have been identified using fuzzing, thanks to Joseph Bisch.
+
+For more information refer to the [security advisory](/security/irssi_sa_2018_01.txt).
+
+This release can be downloaded from [our releases
+page](https://github.com/irssi/irssi/releases). Binary test packages
+for various Linux distributions are automatically generated by the
+[openSUSE Build Service](https://build.opensuse.org/) and are
+available for download in the
+[irssi-test](https://software.opensuse.org/download.html?project=home:ailin_nemui:irssi-test;package=irssi)
+repository.
+
+Please check with your distro whether they provide officially updated
+packages.
+
+We currently do not have any alternate advice.
+
+The Irssi Team.
diff --git a/download/index.markdown b/download/index.markdown
index b702ebf..482ec5e 100644
--- a/download/index.markdown
+++ b/download/index.markdown
@@ -3,7 +3,7 @@ layout: page
 title: Getting Irssi
 permalink: /download/
 categories: [ _nav, _6 ]
-version: 1.0.5
+version: 1.0.6
 ---
 
 There are several ways you can get Irssi<span class="hidden-md hidden-lg">:</span>
diff --git a/security/irssi_sa_2018_01.txt b/security/irssi_sa_2018_01.txt
new file mode 100644
index 0000000..a9a3686
--- /dev/null
+++ b/security/irssi_sa_2018_01.txt
@@ -0,0 +1,78 @@
+IRSSI-SA-2018-01 Irssi Security Advisory [1]
+============================================
+CVE-2018-5206, CVE-2018-5205, CVE-2018-5208, CVE-2018-5207
+
+Description
+-----------
+
+Multiple vulnerabilities have been located in Irssi.
+
+(a) When the channel topic is set without specifying a sender, Irssi
+    may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)
+
+    CVE-2018-5206 was assigned to this issue.
+
+(b) When using incomplete escape codes, Irssi may access data beyond
+    the end of the string. (CWE-126) Found by Joseph Bisch.
+
+    CVE-2018-5205 was assigned to this issue.
+
+(c) A calculation error in the completion code could cause a heap
+    buffer overflow when completing certain strings. (CWE-126) Found
+    by Joseph Bisch.
+
+    CVE-2018-5208 was assigned to this issue.
+
+(d) When using an incomplete variable argument, Irssi may access data
+    beyond the end of the string. (CWE-126) Found by Joseph Bisch.
+
+    CVE-2018-5207 was assigned to this issue.
+
+
+Impact
+------
+
+May affect the stability of Irssi.
+
+
+Affected versions
+-----------------
+
+(a,b,c,d) All Irssi versions that we observed.
+
+
+Fixed in
+--------
+
+Irssi 1.0.6
+
+
+Recommended action
+------------------
+
+Upgrade to Irssi 1.0.6. Irssi 1.0.6 is a maintenance release in the
+1.0 series, without any new features.
+
+After installing the updated packages, one can issue the /upgrade
+command to load the new binary. TLS connections will require
+/reconnect.
+
+
+Mitigating facts
+----------------
+
+(a) requires a broken ircd or control over the ircd
+
+(b,d) requires user to install malicious or broken files or enter
+      affected commands
+
+
+Patch
+-----
+https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
+
+
+References
+----------
+
+[1] https://irssi.org/security/irssi_sa_2018_01.txt