Diffstat (limited to '_data/security.yml')
-rw-r--r--_data/security.yml135
1 files changed, 135 insertions, 0 deletions
diff --git a/_data/security.yml b/_data/security.yml
new file mode 100644
index 0000000..39b7326
--- /dev/null
+++ b/_data/security.yml
@@ -0,0 +1,135 @@
+- name: CVE-2016-7044
+ external_links:
+ - id: CVE-2016-7044
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044
+ - id: IRSSI-SA-2016
+ url: https://irssi.org/security/irssi_sa_2016.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.19 (with truecolor)
+ fixed_version: 0.8.20
+ release_date: 2016-09-14
+ git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
+ credit: Gabriel Campana and Adrien Guinet from Quarkslab
+ description: |
+ Remote crash and heap corruption in format parsing code
+
+- name: CVE-2016-7045
+ external_links:
+ - id: CVE-2016-7045
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045
+ - id: IRSSI-SA-2016
+ url: https://irssi.org/security/irssi_sa_2016.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.19
+ fixed_version: 0.8.20
+ release_date: 2016-09-14
+ git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
+ credit: Gabriel Campana and Adrien Guinet from Quarkslab
+ description: |
+ Remote crash and heap corruption in format parsing code
+
+- name: CVE-2016-7553
+ external_links:
+ - id: CVE-2016-7553
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
+ - id: BUF-PL-SA-2016
+ url: https://irssi.org/security/buf_pl_sa_2016.txt
+ exploitable_by: local users
+ affected_versions: "buf.pl *-2.13"
+ fixed_version: buf.pl 2.20
+ release_date: 2016-09-09
+ repo: scripts.irssi.org
+ git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
+ credit: Juerd Waalboer
+ description: |
+ Information disclosure vulnerability
+
+- name: CVE-2017-5193
+ external_links:
+ - id: CVE-2017-5193
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Joseph Bisch
+ description: |
+ NULL pointer dereference in the nickcmp function
+
+- name: CVE-2017-5194
+ external_links:
+ - id: CVE-2017-5194
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit:
+ description: |
+ Use after free when receiving invalid nick message
+
+- name: CVE-2017-5195
+ external_links:
+ - id: CVE-2017-5195
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.20
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Joseph Bisch
+ description: |
+ Out of bounds read in certain incomplete control codes
+
+- name: CVE-2017-5196
+ external_links:
+ - id: CVE-2017-5196
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: 0.8.18-0.8.20
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Hanno Böck and independently by Joseph Bisch
+ description: |
+ Out of bounds read in certain incomplete character sequences
+
+- name: CVE-2017-5356
+ external_links:
+ - id: CVE-2017-5356
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: local formats
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Hanno Böck
+ description: |
+ Out of bounds read when printing the value %[
+
+- name: CVE-2017-7191
+ external_links:
+ - id: CVE-2017-7191
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191
+ - id: IRSSI-SA-2017-03
+ url: https://irssi.org/security/irssi_sa_2017_03.txt
+ exploitable_by: server
+ affected_versions: "1.0.0-1.0.1"
+ fixed_version: 1.0.2
+ release_date: 2017-03-10
+ git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
+ credit: APic
+ description: |
+ Use after free while producing list of netjoins
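Review bot: The `credit:` key in the CVE-2017-5194 entry is left bare, which YAML loads as null rather than as an empty string; either drop the key or write `credit: ""` so the template that renders this list does not need a special case for it. The `release_date` values are unquoted ISO dates, so a YAML 1.1 loader will likely hand the consumer a date object rather than text; quote them (`release_date: '2016-09-14'`) if they are meant to be printed verbatim. The CVE-2016-7044 and CVE-2016-7045 entries carry the same description and differ only in `affected_versions`, so someone triaging from this list cannot tell the two flaws apart without opening the advisory; a short distinguishing phrase per entry would help. `exploitable_by` is free text (`client`, `server`, `local users`, `local formats`), and a comment at the top of the file listing the allowed values and what each means would keep later entries consistent and let users filter on the field reliably.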