diff options
author | dequis <dx@dxzone.com.ar> | 2017-06-05 21:38:37 -0300 |
---|---|---|
committer | Ailin Nemui <ailin@z30a.localdomain> | 2017-06-08 19:04:30 +0200 |
commit | ae980fc859d9c895f19a4a9011f5289e7b0a74a4 (patch) | |
tree | 9beb15e44cfd16756bf90eb7e2f97f1084e2bf6c /_data/security.yml | |
parent | 6dfcd4ac349313ee607cd55f07e0d5edaf812b6e (diff) | |
download | irssi.github.io-ae980fc859d9c895f19a4a9011f5289e7b0a74a4.zip |
Merge all security data files to _data/security.yml
for i in _data/security/*; do
basename $i | sed -r 's/^(.*)\.yml/- name: \1/g';
cat $i | sed 's/^/ /';
echo;
done > _data/security.yml
Diffstat (limited to '_data/security.yml')
-rw-r--r-- | _data/security.yml | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/_data/security.yml b/_data/security.yml new file mode 100644 index 0000000..39b7326 --- /dev/null +++ b/_data/security.yml @@ -0,0 +1,135 @@ +- name: CVE-2016-7044 + external_links: + - id: CVE-2016-7044 + url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044 + - id: IRSSI-SA-2016 + url: https://irssi.org/security/irssi_sa_2016.txt + exploitable_by: client + affected_versions: 0.8.17-0.8.19 (with truecolor) + fixed_version: 0.8.20 + release_date: 2016-09-14 + git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b + credit: Gabriel Campana and Adrien Guinet from Quarkslab + description: | + Remote crash and heap corruption in format parsing code + +- name: CVE-2016-7045 + external_links: + - id: CVE-2016-7045 + url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045 + - id: IRSSI-SA-2016 + url: https://irssi.org/security/irssi_sa_2016.txt + exploitable_by: client + affected_versions: 0.8.17-0.8.19 + fixed_version: 0.8.20 + release_date: 2016-09-14 + git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b + credit: Gabriel Campana and Adrien Guinet from Quarkslab + description: | + Remote crash and heap corruption in format parsing code + +- name: CVE-2016-7553 + external_links: + - id: CVE-2016-7553 + url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553 + - id: BUF-PL-SA-2016 + url: https://irssi.org/security/buf_pl_sa_2016.txt + exploitable_by: local users + affected_versions: "buf.pl *-2.13" + fixed_version: buf.pl 2.20 + release_date: 2016-09-09 + repo: scripts.irssi.org + git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a + credit: Juerd Waalboer + description: | + Information disclosure vulnerability + +- name: CVE-2017-5193 + external_links: + - id: CVE-2017-5193 + url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193 + - id: IRSSI-SA-2017-01 + url: https://irssi.org/security/irssi_sa_2017_01.txt + exploitable_by: server + affected_versions: "*-0.8.20" + fixed_version: 0.8.21 + release_date: 2017-01-05 + git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d + credit: Joseph Bisch + description: | + NULL pointer dereference in the nickcmp function + +- name: CVE-2017-5194 + external_links: + - id: CVE-2017-5194 + url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194 + - id: IRSSI-SA-2017-01 + url: https://irssi.org/security/irssi_sa_2017_01.txt + exploitable_by: server + affected_versions: "*-0.8.20" + fixed_version: 0.8.21 + release_date: 2017-01-05 + git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d + credit: + description: | + Use after free when receiving invalid nick message + +- name: CVE-2017-5195 + external_links: + - id: CVE-2017-5195 + url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195 + - id: IRSSI-SA-2017-01 + url: https://irssi.org/security/irssi_sa_2017_01.txt + exploitable_by: client + affected_versions: 0.8.17-0.8.20 + fixed_version: 0.8.21 + release_date: 2017-01-05 + git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d + credit: Joseph Bisch + description: | + Out of bounds read in certain incomplete control codes + +- name: CVE-2017-5196 + external_links: + - id: CVE-2017-5196 + url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196 + - id: IRSSI-SA-2017-01 + url: https://irssi.org/security/irssi_sa_2017_01.txt + exploitable_by: server + affected_versions: 0.8.18-0.8.20 + fixed_version: 0.8.21 + release_date: 2017-01-05 + git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d + credit: Hanno Böck and independently by Joseph Bisch + description: | + Out of bounds read in certain incomplete character sequences + +- name: CVE-2017-5356 + external_links: + - id: CVE-2017-5356 + url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356 + - id: IRSSI-SA-2017-01 + url: https://irssi.org/security/irssi_sa_2017_01.txt + exploitable_by: local formats + affected_versions: "*-0.8.20" + fixed_version: 0.8.21 + release_date: 2017-01-05 + git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d + credit: Hanno Böck + description: | + Out of bounds read when printing the value %[ + +- name: CVE-2017-7191 + external_links: + - id: CVE-2017-7191 + url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191 + - id: IRSSI-SA-2017-03 + url: https://irssi.org/security/irssi_sa_2017_03.txt + exploitable_by: server + affected_versions: "1.0.0-1.0.1" + fixed_version: 1.0.2 + release_date: 2017-03-10 + git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3 + credit: APic + description: | + Use after free while producing list of netjoins |