From c9408d4db42806b9fdc2de3725e61824b90134ab Mon Sep 17 00:00:00 2001 From: Ailin Nemui Date: Thu, 22 Sep 2016 04:20:02 +0200 Subject: publish buf.pl information --- _includes/sb_whatsnew.html | 2 +- _posts/2016-09-22-buf.pl-update.markdown | 51 ++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 _posts/2016-09-22-buf.pl-update.markdown diff --git a/_includes/sb_whatsnew.html b/_includes/sb_whatsnew.html index c5d4fa5..64683bb 100644 --- a/_includes/sb_whatsnew.html +++ b/_includes/sb_whatsnew.html @@ -1,3 +1,3 @@ +

2016-09-22 buf.pl update available!

2016-09-21 Irssi 0.8.20 has been released!

-

2016-03-24 Irssi 0.8.19 has been released!

2015-12-15 Irssi site now on github pages!

diff --git a/_posts/2016-09-22-buf.pl-update.markdown b/_posts/2016-09-22-buf.pl-update.markdown new file mode 100644 index 0000000..410d011 --- /dev/null +++ b/_posts/2016-09-22-buf.pl-update.markdown @@ -0,0 +1,51 @@ +--- +layout: post +title: "buf.pl update available" +--- + +An information disclosure vulnerability was found, reported and fixed +in the buf.pl script by its author. + +CWE Classification: CWE-732, CWE-538 + +### Impact + +Other users on the same machine may be able to retrieve the whole +window contents after /UPGRADE when the buf.pl script is +loaded. Furthermore, this dump of the windows contents is never +removed afterwards. + +Since buf.pl is also an Irssi core script and we recommended its use +to retain your window content, many people could potentially be +affected by this. + +Remote users may be able to retrieve these contents when combined with +other path traversal vulnerabilities in public facing services on that +machine. + +### Detailed analysis + +buf.pl restores the scrollbuffer between "/upgrade"s by writing the +contents to a file, and reading that after the new process was spawned. +Through that file, the contents of (private) chat conversations may leak to +other users. + +### Mitigating facts + +Careful users with a limited umask (e.g. 077) are not affected by this bug. +However, most Linux systems default to a umask of 022, meaning that files +written without further restricting the permissions, are readable by any +user. + +### Affected versions + +All up to 2.13 + +### Fixed versions + +[buf.pl](//scripts.irssi.org/scripts/buf.pl) 2.20 + +### Resolution + +Update the buf.pl script with the latest version from +[scripts.irssi.org](//scripts.irssi.org). \ No newline at end of file -- cgit v1.2.3
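Review bot: The Resolution section at the end of the new post only tells users to update buf.pl, but the Impact section states that "this dump of the windows contents is never removed afterwards", so a dump written by an affected version before the update stays on disk with the permissions it was created with. Suggest adding a sentence to Resolution telling users to delete the leftover dump file or restrict its permissions, and naming where the file is written, which the post never states. Separately, "Affected versions" says "All up to 2.13" while "Fixed versions" says 2.20, which leaves the status of any release between the two unstated; one line making the boundary explicit would remove the doubt. The new file also ends without a trailing newline.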