diff options
author | Ailin Nemui <ailin@z30a.localdomain> | 2017-07-05 22:38:05 +0200 |
---|---|---|
committer | Ailin Nemui <ailin@z30a.localdomain> | 2017-07-07 14:21:55 +0200 |
commit | 94bd3ab3f3c7fbbd0b22e82481fb45ac48f18933 (patch) | |
tree | 15041f9da191a0e3b1f46e4d53d29267ed1b2da8 /_data/security.yml | |
parent | 285ff64480eeed66217d82b1f1117cb3d7be18a6 (diff) | |
download | irssi.github.io-94bd3ab3f3c7fbbd0b22e82481fb45ac48f18933.zip |
Release Irssi 1.0.4
Diffstat (limited to '_data/security.yml')
-rw-r--r-- | _data/security.yml | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/_data/security.yml b/_data/security.yml index 5494e2b..a7a1177 100644 --- a/_data/security.yml +++ b/_data/security.yml @@ -254,3 +254,24 @@ fixed_version: 1.0.3 credit: 'Joseph Bisch' description: 'Out of bounds read when parsing incorrectly quoted DCC files' +- + name: IRSSI-SA-2017-07 + release_date: 2017-07-07 + git_commit: 5e26325317c72a04c1610ad952974e206384d291 + bugs: + - + cve: CVE-2017-10965 + exploitable_by: server + affected_versions: + to: 1.0.3 + fixed_version: 1.0.4 + credit: Brian 'geeknik' Carpenter of Geeknik Labs + description: 'NULL pointer dereference when receiving messages with invalid timestamp' + - + cve: CVE-2017-10966 + exploitable_by: client + affected_versions: + to: 1.0.3 + fixed_version: 1.0.4 + credit: Brian 'geeknik' Carpenter of Geeknik Labs + description: 'Use after free after nicklist structure has been corrupted while updating a nick group' |