-rw-r--r--  _config.yml  2
-rw-r--r--  _data/sb_whatsnew.yml  2
-rw-r--r--  _data/security.yml  46
-rw-r--r--  _includes/header.html  1
-rw-r--r--  _posts/2017-07-23-irssi-1.0.5-released.markdown  31
-rw-r--r--  download/index.markdown  4
-rw-r--r--  security/index.html  5
-rw-r--r--  security/irssi_sa_2017_10.txt  94
8 files changed, 181 insertions, 4 deletions
diff --git a/_config.yml b/_config.yml
index 7adf66e..f169ef5 100644
--- a/_config.yml
+++ b/_config.yml
@@ -13,7 +13,7 @@ description: The Client of the Future
name: Irssi Core Team
email: staff@irssi.org
-gems:
+plugins:
- jekyll-paginate
- jekyll-redirect-from
- jekyll-sitemap
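Review bot: The `gems:` to `plugins:` rename is a site build configuration change with no connection to the 1.0.5 release content in the rest of this commit; move it to its own commit so the security release can be reviewed, cherry-picked or reverted without touching the Jekyll configuration.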
diff --git a/_data/sb_whatsnew.yml b/_data/sb_whatsnew.yml
index cf1fc32..37e04f7 100644
--- a/_data/sb_whatsnew.yml
+++ b/_data/sb_whatsnew.yml
@@ -1,5 +1,5 @@
-
- key: irssi-1.0.4-released
+ key: irssi-1.0.5-released
tag: Security
-
key: fuzzing-irssi
diff --git a/_data/security.yml b/_data/security.yml
index a7a1177..e16eb67 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -275,3 +275,49 @@
fixed_version: 1.0.4
credit: Brian 'geeknik' Carpenter of Geeknik Labs
description: 'Use after free after nicklist structure has been corrupted while updating a nick group'
+-
+ name: IRSSI-SA-2017-10
+ release_date: 2017-10-23
+ git_commit: 43e44d553d44e313003cee87e6ea5e24d68b84a1
+ bugs:
+ -
+ cve: CVE-2017-15228
+ exploitable_by: formats
+ affected_versions:
+ to: 1.0.4
+ fixed_version: 1.0.5
+ credit: 'Hanno Böck'
+ description: 'Unterminated colour formatting sequences may cause data access beyond the end of the buffer'
+ -
+ cve: CVE-2017-15227
+ exploitable_by: server
+ affected_versions:
+ to: 1.0.4
+ fixed_version: 1.0.5
+ credit: 'Joseph Bisch'
+ description: 'Failure to remove destroyed channels from the query list while waiting for the channel synchronisation may result in use after free conditions when updating the state later on'
+ -
+ cve: CVE-2017-15721
+ exploitable_by: server
+ affected_versions:
+ to: 1.0.4
+ fixed_version: 1.0.5
+ credit: 'Joseph Bisch'
+ description: 'Certain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference'
+ -
+ cve: CVE-2017-15723
+ exploitable_by: server
+ affected_versions:
+ from: 0.8.17
+ to: 1.0.4
+ fixed_version: 1.0.5
+ credit: 'Joseph Bisch'
+ description: 'Overlong nicks or targets may result in a NULL pointer dereference while splitting the message'
+ -
+ cve: CVE-2017-15722
+ exploitable_by: server
+ affected_versions:
+ to: 1.0.4
+ fixed_version: 1.0.5
+ credit: 'Joseph Bisch'
+ description: 'Read beyond end of buffer may occur if a Safe channel ID is not long enough'
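Review bot: The last two entries assign the CVE ids the opposite way round from the advisory added in this same commit: here `CVE-2017-15723` is the overlong nicks or targets NULL pointer dereference (the entry with `from: 0.8.17`) and `CVE-2017-15722` is the Safe channel ID over-read, whereas security/irssi_sa_2017_10.txt gives CVE-2017-15722 to (d) overlong nicks and CVE-2017-15723 to (e) Safe channel ID. Check the assignments and make both files agree, otherwise the overview table and the advisory will publish conflicting ids for the same bugs.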
diff --git a/_includes/header.html b/_includes/header.html
index e826db4..57299f1 100644
--- a/_includes/header.html
+++ b/_includes/header.html
@@ -32,6 +32,7 @@
{% endcomment %}{% endif %}{% comment %}
{% endcomment %}{% endif %}{% comment %}
{% endcomment %}{% endfor %}
+ <li><a href="https://github.com/irssi/irssi">Source Code</a></li>
<li><a href="//irssi-import.github.io/themes/">Themes</a></li>
<li><a href="http://scripts.irssi.org/">Scripts</a></li>
<li><a href="https://github.com/irssi/irssi/issues">Bugs</a></li>
diff --git a/_posts/2017-07-23-irssi-1.0.5-released.markdown b/_posts/2017-07-23-irssi-1.0.5-released.markdown
new file mode 100644
index 0000000..23d59c8
--- /dev/null
+++ b/_posts/2017-07-23-irssi-1.0.5-released.markdown
@@ -0,0 +1,31 @@
+---
+layout: post
+title: "Irssi 1.0.5 Released"
+---
+
+Irssi 1.0.5 has been released. This release fixes a few security
+issues in Irssi as well as a few bugs. There are no new
+features. **All Irssi users should upgrade to this version**. See the
+[NEWS](//raw.githubusercontent.com/irssi/irssi/1.0.5/NEWS) for
+details.
+
+Most issues have been identified using fuzzing, thanks to Hanno Böck
+and Joseph Bisch. We expect @jbisch will be able to tell you more
+about his newest fuzzer at http://freenode.live on the weekend!
+
+For more information refer to the [security advisory](/security/irssi_sa_2017_10.txt).
+
+This release can be downloaded from [our releases
+page](https://github.com/irssi/irssi/releases). Binary test packages
+for various Linux distributions are automatically generated by the
+[openSUSE Build Service](https://build.opensuse.org/) and are
+available for download in the
+[irssi-test](https://software.opensuse.org/download.html?project=home:ailin_nemui:irssi-test;package=irssi)
+repository.
+
+Please check with your distro whether they provide officially updated
+packages.
+
+We currently do not have any alternate advice.
+
+The Irssi Team.
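Review bot: The new file is named `2017-07-23-irssi-1.0.5-released.markdown`, which dates the post in July, while the advisory it links to is IRSSI-SA-2017-10 and `_data/security.yml` in this commit gives `release_date: 2017-10-23`. Jekyll takes a post's date from its filename, so rename the file to the October date unless the July date is intended. The bare `http://freenode.live` in the second paragraph could also be written as a Markdown link like the other URLs in the post.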
diff --git a/download/index.markdown b/download/index.markdown
index 869af7d..b702ebf 100644
--- a/download/index.markdown
+++ b/download/index.markdown
@@ -3,7 +3,7 @@ layout: page
title: Getting Irssi
permalink: /download/
categories: [ _nav, _6 ]
-version: 1.0.4
+version: 1.0.5
---
There are several ways you can get Irssi<span class="hidden-md hidden-lg">:</span>
@@ -15,6 +15,8 @@ There are several ways you can get Irssi<span class="hidden-md hidden-lg">:</spa
</div>
+[Security information](/security)
+
<div class="col-lg-6 col-md-7" markdown="1">
## Binary Packages
diff --git a/security/index.html b/security/index.html
index 44391f2..af51403 100644
--- a/security/index.html
+++ b/security/index.html
@@ -2,8 +2,11 @@
layout: page
title: Security
permalink: security/
-categories: [ _nav ]
---
+
+Please report security issues to staff&#64;irssi&#46;org. Thanks!
+
+<h2>Past issues overview</h2>
<table class="table">
<thead>
<tr class="text-nowrap">
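Review bot: The added contact line gives only a plain e-mail address for vulnerability reports; state next to it whether a PGP key or another encrypted channel is available, so reporters are not left to send details of unpatched bugs in clear text. The removal of `categories: [ _nav ]` in the same hunk is not explained by the visible changes; if it takes the page out of the navigation in favour of the new link on the download page, say so in the commit message.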
diff --git a/security/irssi_sa_2017_10.txt b/security/irssi_sa_2017_10.txt
new file mode 100644
index 0000000..11d382a
--- /dev/null
+++ b/security/irssi_sa_2017_10.txt
@@ -0,0 +1,94 @@
+IRSSI-SA-2017-10 Irssi Security Advisory [1]
+============================================
+CVE-2017-15228, CVE-2017-15227, CVE-2017-15721, CVE-2017-15722,
+CVE-2017-15723
+
+Description
+-----------
+
+Multiple vulnerabilities have been located in Irssi.
+
+(a) When installing themes with unterminated colour formatting
+ sequences, Irssi may access data beyond the end of the
+ string. (CWE-126) Found by Hanno Böck.
+
+ CVE-2017-15228 was assigned to this issue.
+
+(b) While waiting for the channel synchronisation, Irssi may
+ incorrectly fail to remove destroyed channels from the query list,
+ resulting in use after free conditions when updating the state
+ later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672)
+
+ CVE-2017-15227 was assigned to this issue.
+
+(c) Certain incorrectly formatted DCC CTCP messages could cause NULL
+ pointer dereference. Found by Joseph Bisch. This is a separate,
+ but similar issue to CVE-2017-9468. (CWE-690)
+
+ CVE-2017-15721 was assigned to this issue.
+
+(d) Overlong nicks or targets may result in a NULL pointer dereference
+ while splitting the message. Found by Joseph Bisch. (CWE-690)
+
+ CVE-2017-15722 was assigned to this issue.
+
+(e) In certain cases Irssi may fail to verify that a Safe channel ID
+ is long enough, causing reads beyond the end of the string. Found
+ by Joseph Bisch. (CWE-126)
+
+ CVE-2017-15723 was assigned to this issue.
+
+
+Impact
+------
+
+(a,b,c,d) May result in denial of service (remote crash).
+
+(e) May affect the stability of Irssi.
+
+
+Affected versions
+-----------------
+
+(a,b,c,e) All Irssi versions that we observed.
+
+(d) Starting from 0.8.17.
+
+
+Fixed in
+--------
+
+Irssi 1.0.5
+
+
+Recommended action
+------------------
+
+Upgrade to Irssi 1.0.5. Irssi 1.0.5 is a maintenance release in the
+1.0 series, without any new features.
+
+After installing the updated packages, one can issue the /upgrade
+command to load the new binary. TLS connections will require
+/reconnect.
+
+
+Mitigating facts
+----------------
+
+(a) requires user to install malicious or broken theme file
+
+(b,c,e) requires a broken ircd or control over the ircd
+
+(d) irc servers typically have length limits in place
+
+
+Patch
+-----
+
+https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
+
+
+References
+----------
+
+[1] https://irssi.org/security/irssi_sa_2017_10.txt
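Review bot: In the Impact section, "(a,b,c,d) May result in denial of service (remote crash)" labels (a) as remote, but Mitigating facts says (a) requires the user to install a malicious or broken theme file; list (a) on its own line so that its stated impact matches its trigger. The CVE ids given for (d) and (e) are also the reverse of the ones the _data/security.yml hunk attaches to the same descriptions, so one of the two files needs correcting before publication.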