diff options
author | Ailin Nemui <ailin@z30a.localdomain> | 2018-01-06 15:06:19 +0100 |
---|---|---|
committer | Ailin Nemui <ailin@z30a.localdomain> | 2018-01-06 15:10:09 +0100 |
commit | aa3679cf00f9a46c1c2584f35dc955787d25c8ea (patch) | |
tree | 3ddd04e5a8831eb7da2996a516049ad8917b5c1b /_data/security.yml | |
parent | 76a9a3d63bc839ce16e21d7d0a306d86e08c8a6f (diff) | |
download | irssi.github.io-aa3679cf00f9a46c1c2584f35dc955787d25c8ea.zip |
Release Irssi 1.0.6
Diffstat (limited to '_data/security.yml')
-rw-r--r-- | _data/security.yml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/_data/security.yml b/_data/security.yml index e16eb67..49671b0 100644 --- a/_data/security.yml +++ b/_data/security.yml @@ -321,3 +321,39 @@ fixed_version: 1.0.5 credit: 'Joseph Bisch' description: 'Read beyond end of buffer may occur if a Safe channel ID is not long enough' +- + name: IRSSI-SA-2018-01 + release_date: 2018-01-07 + bugs: + - + cve: CVE-2018-5206 + exploitable_by: server + affected_versions: + to: 1.0.5 + fixed_version: 1.0.6 + credit: 'Joseph Bisch' + description: 'When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer.' + - + cve: CVE-2018-5205 + exploitable_by: formats + affected_versions: + to: 1.0.5 + fixed_version: 1.0.6 + credit: 'Joseph Bisch' + description: 'When using incomplete escape codes, Irssi may access data beyond the end of the string.' + - + cve: CVE-2018-5208 + exploitable_by: server + affected_versions: + to: 1.0.5 + fixed_version: 1.0.6 + credit: 'Joseph Bisch' + description: 'A calculation error in the completion code could cause a heap buffer overflow when completing certain strings.' + - + cve: CVE-2018-5207 + exploitable_by: formats + affected_versions: + to: 1.0.5 + fixed_version: 1.0.6 + credit: 'Joseph Bisch' + description: 'When using an incomplete variable argument, Irssi may access data beyond the end of the string.' |