diff options
| author | Ailin Nemui <ailin@z30a.localdomain> | 2017-07-05 22:38:05 +0200 |
|---|---|---|
| committer | Ailin Nemui <ailin@z30a.localdomain> | 2017-07-07 14:21:55 +0200 |
| commit | 94bd3ab3f3c7fbbd0b22e82481fb45ac48f18933 (patch) | |
| tree | 15041f9da191a0e3b1f46e4d53d29267ed1b2da8 /_data | |
| parent | 285ff64480eeed66217d82b1f1117cb3d7be18a6 (diff) | |
| download | irssi.github.io-94bd3ab3f3c7fbbd0b22e82481fb45ac48f18933.zip | |
Release Irssi 1.0.4
Diffstat (limited to '_data')
| -rw-r--r-- | _data/sb_whatsnew.yml | 2 | ||||
| -rw-r--r-- | _data/security.yml | 21 |
2 files changed, 22 insertions, 1 deletions
diff --git a/_data/sb_whatsnew.yml b/_data/sb_whatsnew.yml index e83f52f..cf1fc32 100644 --- a/_data/sb_whatsnew.yml +++ b/_data/sb_whatsnew.yml @@ -1,5 +1,5 @@ - - key: irssi-1.0.3-released + key: irssi-1.0.4-released tag: Security - key: fuzzing-irssi diff --git a/_data/security.yml b/_data/security.yml index 5494e2b..a7a1177 100644 --- a/_data/security.yml +++ b/_data/security.yml @@ -254,3 +254,24 @@ fixed_version: 1.0.3 credit: 'Joseph Bisch' description: 'Out of bounds read when parsing incorrectly quoted DCC files' +- + name: IRSSI-SA-2017-07 + release_date: 2017-07-07 + git_commit: 5e26325317c72a04c1610ad952974e206384d291 + bugs: + - + cve: CVE-2017-10965 + exploitable_by: server + affected_versions: + to: 1.0.3 + fixed_version: 1.0.4 + credit: Brian 'geeknik' Carpenter of Geeknik Labs + description: 'NULL pointer dereference when receiving messages with invalid timestamp' + - + cve: CVE-2017-10966 + exploitable_by: client + affected_versions: + to: 1.0.3 + fixed_version: 1.0.4 + credit: Brian 'geeknik' Carpenter of Geeknik Labs + description: 'Use after free after nicklist structure has been corrupted while updating a nick group' |