enable security collections

1 files changed, 0 insertions, 73 deletions

diff --git a/security/irssi_sa_2017_06.txt b/security/irssi_sa_2017_06.txt
deleted file mode 100644
index 0d01f92..0000000
--- a/security/irssi_sa_2017_06.txt
+++ /dev/null
@@ -1,73 +0,0 @@
-IRSSI-SA-2017-06 Irssi Security Advisory [1]
-============================================
-CVE-2017-9468, CVE-2017-9469
-
-Description
------------
-
-Two vulnerabilities have been located in Irssi.
-
-(a) When receiving a DCC message without source nick/host, Irssi would
-    attempt to dereference a NULL pointer. Found by Joseph
-    Bisch. (CWE-690)
-
-    CVE-2017-9468 [2] was assigned to this bug
-
-(b) When receiving certain incorrectly quoted DCC files, Irssi would
-    try to find the terminating quote one byte before the allocated
-    memory. Found by Joseph Bisch. (CWE-129, CWE-127)
-    
-    CVE-2017-9469 [3] was assigned to this bug
-
-
-Impact
-------
-
-(a) May result in denial of service (remote crash).
-
-(b) May result in denial of service (remote crash), but in practice
-    this seems to be very unlikely unless address sanitizer is
-    enabled.
-
-
-Affected versions
------------------
-
-All Irssi versions that we observed.
-
-
-Fixed in
---------
-
-Irssi 1.0.3
-
-
-Recommended action
-------------------
-
-Upgrade to Irssi 1.0.3. Irssi 1.0.3 is a maintenance release in the
-1.0 series, without any new features.
-
-After installing the updated packages, one can issue the /upgrade
-command to load the new binary. TLS connections will require
-/reconnect.
-
-
-Mitigating facts
-----------------
-
-(a) requires control over the ircd
-
-
-Patch
------
-
-https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
-
-
-References
-----------
-
-[1] https://irssi.org/security/irssi_sa_2017_06.txt
-[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468
-[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469