move security data into collection, add templates

1 files changed, 2 insertions, 224 deletions

diff --git a/_data/security.yml b/_data/security.yml
index 49671b0..30ed602 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -1,4 +1,5 @@
 ---
+# New issues go to _security/irssi_sa_YYYY_MM.txt
 # -
 #   name: Name of the bug group / security advisory, e.g.: IRSSI-SA-2099-01
 #   link: link to the advisory, e.g.: http://www.openwall.com/xxx (optional)
@@ -133,227 +134,4 @@
       credit: 'Aurelien Delaitre (SATE 2009)'
       description: |
         core/nicklist.c in Irssi allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.
--
-  name: IRSSI-SA-2016
-  release_date: 2016-09-14
-  git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
-  bugs:
-    -
-      cve: CVE-2016-7044
-      exploitable_by: client
-      affected_versions:
-        from: 0.8.17
-        to: 0.8.19
-      affected_note_bottom: '(with truecolor)'
-      fixed_version: 0.8.20
-      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
-      description: 'Remote crash and heap corruption in format parsing code'
-    -
-      cve: CVE-2016-7045
-      exploitable_by: client
-      affected_versions:
-        from: 0.8.17
-        to: 0.8.19
-      fixed_version: 0.8.20
-      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
-      description: 'Remote crash and heap corruption in format parsing code'
--
-  name: BUF-PL-SA-2016
-  affected_note: buf.pl
-  release_date: 2016-09-09
-  git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
-  repo: scripts.irssi.org
-  bugs:
-    -
-      cve: CVE-2016-7553
-      exploitable_by: local
-      affected_versions:
-        to: '2.13'
-      fixed_version: '2.20'
-      credit: 'Juerd Waalboer'
-      description: 'Information disclosure vulnerability'
--
-  name: IRSSI-SA-2017-01
-  release_date: 2017-01-05
-  git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
-  bugs:
-    -
-      cve: CVE-2017-5193
-      exploitable_by: server
-      affected_versions:
-        to: 0.8.20
-      fixed_version: 0.8.21
-      credit: 'Joseph Bisch'
-      description: 'NULL pointer dereference in the nickcmp function'
-    -
-      cve: CVE-2017-5194
-      exploitable_by: server
-      affected_versions:
-        to: 0.8.20
-      fixed_version: 0.8.21
-      credit: ~
-      description: 'Use after free when receiving invalid nick message'
-    -
-      cve: CVE-2017-5356
-      exploitable_by: formats
-      affected_versions:
-        to: 0.8.20
-      fixed_version: 0.8.21
-      credit: 'Hanno Böck'
-      description: 'Out of bounds read when printing the value %['
-    -
-      cve: CVE-2017-5195
-      exploitable_by: client
-      affected_versions:
-        from: 0.8.17
-        to: 0.8.20
-      fixed_version: 0.8.21
-      credit: 'Joseph Bisch'
-      description: 'Out of bounds read in certain incomplete control codes'
-    -
-      cve: CVE-2017-5196
-      exploitable_by: server
-      affected_versions:
-        from: 0.8.18
-        to: 0.8.20
-      fixed_version: 0.8.21
-      credit: 'Hanno Böck and independently by Joseph Bisch'
-      description: 'Out of bounds read in certain incomplete character sequences'
--
-  name: IRSSI-SA-2017-03
-  release_date: 2017-03-10
-  git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
-  bugs:
-    -
-      cve: CVE-2017-7191
-      exploitable_by: server
-      affected_versions:
-        from: 1.0.0
-        to: 1.0.1
-      fixed_version: 1.0.2
-      credit: APic
-      description: 'Use after free while producing list of netjoins'
--
-  name: IRSSI-SA-2017-06
-  release_date: 2017-06-06
-  git_commit: fb08fc7f1aa6b2e616413d003bf021612301ad55
-  bugs:
-    -
-      cve: CVE-2017-9468
-      exploitable_by: server
-      affected_versions:
-        to: 1.0.2
-      fixed_version: 1.0.3
-      credit: 'Joseph Bisch'
-      description: 'NULL pointer dereference when receiving a DCC message without source nick/host'
-    -
-      cve: CVE-2017-9469
-      exploitable_by: client
-      affected_versions:
-        to: 1.0.2
-      fixed_version: 1.0.3
-      credit: 'Joseph Bisch'
-      description: 'Out of bounds read when parsing incorrectly quoted DCC files'
--
-  name: IRSSI-SA-2017-07
-  release_date: 2017-07-07
-  git_commit: 5e26325317c72a04c1610ad952974e206384d291
-  bugs:
-    -
-      cve: CVE-2017-10965
-      exploitable_by: server
-      affected_versions:
-        to: 1.0.3
-      fixed_version: 1.0.4
-      credit: Brian 'geeknik' Carpenter of Geeknik Labs
-      description: 'NULL pointer dereference when receiving messages with invalid timestamp'
-    -
-      cve: CVE-2017-10966
-      exploitable_by: client
-      affected_versions:
-        to: 1.0.3
-      fixed_version: 1.0.4
-      credit: Brian 'geeknik' Carpenter of Geeknik Labs
-      description: 'Use after free after nicklist structure has been corrupted while updating a nick group'
--
-  name: IRSSI-SA-2017-10
-  release_date: 2017-10-23
-  git_commit: 43e44d553d44e313003cee87e6ea5e24d68b84a1
-  bugs:
-    -
-      cve: CVE-2017-15228
-      exploitable_by: formats
-      affected_versions:
-        to: 1.0.4
-      fixed_version: 1.0.5
-      credit: 'Hanno Böck'
-      description: 'Unterminated colour formatting sequences may cause data access beyond the end of the buffer'
-    -
-      cve: CVE-2017-15227
-      exploitable_by: server
-      affected_versions:
-        to: 1.0.4
-      fixed_version: 1.0.5
-      credit: 'Joseph Bisch'
-      description: 'Failure to remove destroyed channels from the query list while waiting for the channel synchronisation may result in use after free conditions when updating the state later on'
-    -
-      cve: CVE-2017-15721
-      exploitable_by: server
-      affected_versions:
-        to: 1.0.4
-      fixed_version: 1.0.5
-      credit: 'Joseph Bisch'
-      description: 'Certain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference'
-    -
-      cve: CVE-2017-15723
-      exploitable_by: server
-      affected_versions:
-        from: 0.8.17
-        to: 1.0.4
-      fixed_version: 1.0.5
-      credit: 'Joseph Bisch'
-      description: 'Overlong nicks or targets may result in a NULL pointer dereference while splitting the message'
-    -
-      cve: CVE-2017-15722
-      exploitable_by: server
-      affected_versions:
-        to: 1.0.4
-      fixed_version: 1.0.5
-      credit: 'Joseph Bisch'
-      description: 'Read beyond end of buffer may occur if a Safe channel ID is not long enough'
--
-  name: IRSSI-SA-2018-01
-  release_date: 2018-01-07
-  bugs:
-    -
-      cve: CVE-2018-5206
-      exploitable_by: server
-      affected_versions:
-        to: 1.0.5
-      fixed_version: 1.0.6
-      credit: 'Joseph Bisch'
-      description: 'When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer.'
-    -
-      cve: CVE-2018-5205
-      exploitable_by: formats
-      affected_versions:
-        to: 1.0.5
-      fixed_version: 1.0.6
-      credit: 'Joseph Bisch'
-      description: 'When using incomplete escape codes, Irssi may access data beyond the end of the string.'
-    -
-      cve: CVE-2018-5208
-      exploitable_by: server
-      affected_versions:
-        to: 1.0.5
-      fixed_version: 1.0.6
-      credit: 'Joseph Bisch'
-      description: 'A calculation error in the completion code could cause a heap buffer overflow when completing certain strings.'
-    -
-      cve: CVE-2018-5207
-      exploitable_by: formats
-      affected_versions:
-        to: 1.0.5
-      fixed_version: 1.0.6
-      credit: 'Joseph Bisch'
-      description: 'When using an incomplete variable argument, Irssi may access data beyond the end of the string.'
+# New issues go to _security/irssi_sa_YYYY_MM.txt