diff options
| author | Ailin Nemui <ailin@z30a.localdomain> | 2017-10-22 15:30:40 +0200 |
|---|---|---|
| committer | Ailin Nemui <ailin@z30a.localdomain> | 2017-10-22 15:30:40 +0200 |
| commit | 6d139d40a31a7bdb40ac659b9834d816405cdeec (patch) | |
| tree | 8e459a55e4c2e92e7db9de19afa39b4583326f50 /_data | |
| parent | 9ab87ea27dd4af0e5f26b09d6bb008889098fc16 (diff) | |
| download | irssi.github.io-6d139d40a31a7bdb40ac659b9834d816405cdeec.zip | |
Release Irssi 1.0.5
Diffstat (limited to '_data')
| -rw-r--r-- | _data/sb_whatsnew.yml | 2 | ||||
| -rw-r--r-- | _data/security.yml | 46 |
2 files changed, 47 insertions, 1 deletions
diff --git a/_data/sb_whatsnew.yml b/_data/sb_whatsnew.yml index cf1fc32..37e04f7 100644 --- a/_data/sb_whatsnew.yml +++ b/_data/sb_whatsnew.yml @@ -1,5 +1,5 @@ - - key: irssi-1.0.4-released + key: irssi-1.0.5-released tag: Security - key: fuzzing-irssi diff --git a/_data/security.yml b/_data/security.yml index a7a1177..e16eb67 100644 --- a/_data/security.yml +++ b/_data/security.yml @@ -275,3 +275,49 @@ fixed_version: 1.0.4 credit: Brian 'geeknik' Carpenter of Geeknik Labs description: 'Use after free after nicklist structure has been corrupted while updating a nick group' +- + name: IRSSI-SA-2017-10 + release_date: 2017-10-23 + git_commit: 43e44d553d44e313003cee87e6ea5e24d68b84a1 + bugs: + - + cve: CVE-2017-15228 + exploitable_by: formats + affected_versions: + to: 1.0.4 + fixed_version: 1.0.5 + credit: 'Hanno Böck' + description: 'Unterminated colour formatting sequences may cause data access beyond the end of the buffer' + - + cve: CVE-2017-15227 + exploitable_by: server + affected_versions: + to: 1.0.4 + fixed_version: 1.0.5 + credit: 'Joseph Bisch' + description: 'Failure to remove destroyed channels from the query list while waiting for the channel synchronisation may result in use after free conditions when updating the state later on' + - + cve: CVE-2017-15721 + exploitable_by: server + affected_versions: + to: 1.0.4 + fixed_version: 1.0.5 + credit: 'Joseph Bisch' + description: 'Certain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference' + - + cve: CVE-2017-15723 + exploitable_by: server + affected_versions: + from: 0.8.17 + to: 1.0.4 + fixed_version: 1.0.5 + credit: 'Joseph Bisch' + description: 'Overlong nicks or targets may result in a NULL pointer dereference while splitting the message' + - + cve: CVE-2017-15722 + exploitable_by: server + affected_versions: + to: 1.0.4 + fixed_version: 1.0.5 + credit: 'Joseph Bisch' + description: 'Read beyond end of buffer may occur if a Safe channel ID is not long enough' |