complete the records

author: Ailin Nemui <ailin@z30a.localdomain> 2017-06-08 21:53:17 +0200
committer: Ailin Nemui <ailin@z30a.localdomain> 2017-06-08 21:53:17 +0200
commit: 401abd7f03ae48a0465eb30f069e065667f0e7c3 (patch)
tree: d79180d0937debed6dc779ef8b0267cf02da2011 /_data
parent: 527444ce40f93651cefebd5bed43fe6df0f6a8ab (diff)
download: irssi.github.io-401abd7f03ae48a0465eb30f069e065667f0e7c3.zip
1 files changed, 132 insertions, 0 deletions
diff --git a/_data/security.yml b/_data/security.yml
index 72b9974..f229a7c 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -1,5 +1,112 @@
 ---
 -
+  name: Historic
+  bugs:
+    -
+      cve: CVE-2002-0983
+      exploitable_by: client
+      affected_versions:
+        from: '*'
+        to: 0.8.4
+      fixed_version: 0.8.6
+      git_commit: b9b0917897bd3b78d105c3229deb390daa204cdd
+      credit: ripe@7a69ezine.org
+      description: |
+        Denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow. 
+    -
+      cve: CVE-2002-1840
+      exploitable_by: remote
+      important: True
+      affected_versions:
+        from: 0.8.4
+        to: 0.8.4
+      affected_note_bottom: 'downloaded after 2002-03-14'
+      description: |
+        The download server was compromised and the download was backdoored, which allows remote attackers to access the system. Always check the GPG signature!
+-
+  name: 0.8.9 issues
+  release_date: 2003-12-11
+  bugs:
+    -
+      cve: CVE-2003-1020
+      exploitable_by: client
+      affected_versions:
+        from: '*'
+        to: 0.8.8
+      fixed_version: 0.8.9
+      git_commit: ae7f177fb0ac0732239d3ff1b8dd208a31a7354d
+      credit: Rico Gloeckner
+      description: |
+        The format_send_to_gui function allows remote IRC users to cause a denial of service (crash).
+-
+  name: 0.8.10 issues
+  release_date: 2006-03-01
+  bugs:
+    -
+      cve: CVE-2006-0458
+      exploitable_by: client
+      affected_versions:
+        from: 0.8.9+
+        to: 0.8.9+
+      fixed_version: 0.8.10
+      git_commit: 6d42a00287ff144c5c597b5da158961e0c22847d
+      description: |
+        The DCC ACCEPT command handler allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command.
+-
+  name: 0.8.11 issues
+  release_date: 2007-08-12
+  bugs:
+    -
+      cve: CVE-2007-4396
+      exploitable_by: local (remote)
+      affected_versions:
+        from: '*'
+        to: 0.8.10
+      fixed_version: 0.8.11
+      git_commit: f0fb4c19d45e25fddee76e7c442b1e900666cd0c
+      credit: 'Wouter Coekaerts'
+      description: |
+        Multiple CRLF injection vulnerabilities in several scripts for Irssi allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences.
+-
+  name: 0.8.14 issues
+  release_date: 2009-05-28
+  bugs:
+    -
+      cve: CVE-2009-1959
+      exploitable_by: client
+      affected_versions:
+        from: '*'
+        to: 0.8.13
+      fixed_version: 0.8.14
+      git_commit: 1f9c560a7408bf5550e030b5ac0c07dad5435eb1
+      credit: nemo@felinemenace.org
+      description: |
+        Off-by-one error in the event_wallops function allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
+-
+  name: 0.8.15 issues
+  release_date: 2010-04-03
+  bugs:
+    -
+      cve: CVE-2010-1155
+      affected_versions:
+        from: '*'
+        to: 0.8.14
+      fixed_version: 0.8.15
+      git_commit: bb4ce4562bd04eeb24a5953dd8da5c843c04e328
+      description: |
+        Irssi does not verify that the server hostname matches a domain name in the SSL certificate.
+    -
+      cve: CVE-2010-1156
+      exploitable_by: client
+      affected_versions:
+        from: '*'
+        to: 0.8.14
+      fixed_version: 0.8.15
+      git_commit: 1aa10ece887afd5d64eca1211aeced6cab310680
+      credit: 'Aurelien Delaitre (SATE 2009)'
+      description: |
+        core/nicklist.c in Irssi allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.
+-
   name: IRSSI-SA-2016
   release_date: 2016-09-14
   git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
@@ -92,6 +199,31 @@
       credit: 'Hanno Böck and independently by Joseph Bisch'
       description: 'Out of bounds read in certain incomplete character sequences'
 -
+  name: Bulletin
+  release_date: 2017-02-05
+  link: http://www.openwall.com/lists/oss-security/2017/02/05/8
+  bugs:
+    -
+      name: '(a)'
+      exploitable_by: server
+      affected_versions:
+        from: 1.0.0
+        to: 1.0.0
+      fixed_version: 1.0.1
+      credit: 'Joseph Bisch'
+      description: 'Memory leak in some cases where a hostile server would send certain incomplete SASL replies'
+      git_commit: 19c51789967a2f63da033e60f6ef08848b9cd144
+    -
+      name: '(b)'
+      exploitable_by: '-'
+      affected_versions:
+        from: '*'
+        to: 1.0.0
+      fixed_version: 1.0.1
+      credit: 'Hanno Böck'
+      description: 'Missing NULL sentinel when initialising the Perl interpreter'
+      git_commit: 1f42d2aa950e4d70bf4c4aebae3a7040bd710cf3
+-
   name: IRSSI-SA-2017-03
   release_date: 2017-03-10
   git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
author	Ailin Nemui <ailin@z30a.localdomain>	2017-06-08 21:53:17 +0200
committer	Ailin Nemui <ailin@z30a.localdomain>	2017-06-08 21:53:17 +0200
commit	401abd7f03ae48a0465eb30f069e065667f0e7c3 (patch)
tree	d79180d0937debed6dc779ef8b0267cf02da2011 /_data
parent	527444ce40f93651cefebd5bed43fe6df0f6a8ab (diff)
download	irssi.github.io-401abd7f03ae48a0465eb30f069e065667f0e7c3.zip