Diffstat (limited to '_data')
-rw-r--r-- | _data/sb_whatsnew.yml | 2 | ||||
-rw-r--r-- | _data/security.yml | 36 |
2 files changed, 37 insertions, 1 deletions
diff --git a/_data/sb_whatsnew.yml b/_data/sb_whatsnew.yml
index 37e04f7..41ec6dc 100644
--- a/_data/sb_whatsnew.yml
+++ b/_data/sb_whatsnew.yml
@@ -1,5 +1,5 @@
 -
- key: irssi-1.0.5-released
+ key: irssi-1.0.6-released
 tag: Security
 -
 key: fuzzing-irssi
diff --git a/_data/security.yml b/_data/security.yml
index e16eb67..49671b0 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -321,3 +321,39 @@
 fixed_version: 1.0.5
 credit: 'Joseph Bisch'
 description: 'Read beyond end of buffer may occur if a Safe channel ID is not long enough'
+-
+ name: IRSSI-SA-2018-01
+ release_date: 2018-01-07
+ bugs:
+ -
+ cve: CVE-2018-5206
+ exploitable_by: server
+ affected_versions:
+ to: 1.0.5
+ fixed_version: 1.0.6
+ credit: 'Joseph Bisch'
+ description: 'When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer.'
+ -
+ cve: CVE-2018-5205
+ exploitable_by: formats
+ affected_versions:
+ to: 1.0.5
+ fixed_version: 1.0.6
+ credit: 'Joseph Bisch'
+ description: 'When using incomplete escape codes, Irssi may access data beyond the end of the string.'
+ -
+ cve: CVE-2018-5208
+ exploitable_by: server
+ affected_versions:
+ to: 1.0.5
+ fixed_version: 1.0.6
+ credit: 'Joseph Bisch'
+ description: 'A calculation error in the completion code could cause a heap buffer overflow when completing certain strings.'
+ -
+ cve: CVE-2018-5207
+ exploitable_by: formats
+ affected_versions:
+ to: 1.0.5
+ fixed_version: 1.0.6
+ credit: 'Joseph Bisch'
+ description: 'When using an incomplete variable argument, Irssi may access data beyond the end of the string.' |