enable security collections

1 files changed, 0 insertions, 75 deletions

diff --git a/security/irssi_sa_2017_07.txt b/security/irssi_sa_2017_07.txt
deleted file mode 100644
index 90229ac..0000000
--- a/security/irssi_sa_2017_07.txt
+++ /dev/null
@@ -1,75 +0,0 @@
-IRSSI-SA-2017-07 Irssi Security Advisory [1]
-============================================
-CVE-2017-10965, CVE-2017-10966.
-
-Description
------------
-
-Two vulnerabilities have been located in Irssi.
-
-(a) When receiving messages with invalid time stamps, Irssi would try
-    to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
-    of Geeknik Labs. (CWE-690)
-
-    CVE-2017-10965 [2] was assigned to this bug
-
-(b) While updating the internal nick list, Irssi may incorrectly use
-    the GHashTable interface and free the nick while updating it. This
-    will then result in use-after-free conditions on each access of
-    the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
-    Labs. (CWE-416 caused by CWE-227)
-
-    CVE-2017-10966 [3] was assigned to this bug
-
-
-Impact
-------
-
-(a) May result in denial of service (remote crash).
-
-(b) Undefined behaviour.
-
-
-Affected versions
------------------
-
-All Irssi versions that we observed.
-
-
-Fixed in
---------
-
-Irssi 1.0.4
-
-
-Recommended action
-------------------
-
-Upgrade to Irssi 1.0.4. Irssi 1.0.4 is a maintenance release in the
-1.0 series, without any new features.
-
-After installing the updated packages, one can issue the /upgrade
-command to load the new binary. TLS connections will require
-/reconnect.
-
-
-Mitigating facts
-----------------
-
-(a) requires control over the ircd
-
-(b) should not happen with a conforming ircd
-
-
-Patch
------
-
-https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
-
-
-References
-----------
-
-[1] https://irssi.org/security/irssi_sa_2017_07.txt
-[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965
-[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966