From 63599d405ac18718e64878ea17f6abcfe4032b52 Mon Sep 17 00:00:00 2001 From: Ailin Nemui Date: Thu, 8 Jun 2017 19:40:06 +0200 Subject: add 2017-06-06 --- _data/security.yml | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to '_data') diff --git a/_data/security.yml b/_data/security.yml index 64d5c64..a87cde8 100644 --- a/_data/security.yml +++ b/_data/security.yml @@ -61,7 +61,7 @@ to: 0.8.20 fixed_version: 0.8.21 credit: ~ - description: "Use after free when receiving invalid nick message\n" + description: 'Use after free when receiving invalid nick message' - cve: CVE-2017-5356 exploitable_by: formats @@ -88,7 +88,7 @@ to: 0.8.20 fixed_version: 0.8.21 credit: 'Hanno Böck and independently by Joseph Bisch' - description: "Out of bounds read in certain incomplete character sequences\n" + description: 'Out of bounds read in certain incomplete character sequences' - name: IRSSI-SA-2017-03 release_date: 2017-03-10 @@ -103,4 +103,27 @@ to: 1.0.1 fixed_version: 1.0.2 credit: APic - description: "Use after free while producing list of netjoins\n" + description: 'Use after free while producing list of netjoins' +- + name: IRSSI-SA-2017-06 + release_date: 2017-06-06 + git_commit: fb08fc7f1aa6b2e616413d003bf021612301ad55 + bugs: + - + cve: CVE-2017-9468 + exploitable_by: server + affected_versions: + from: '*' + to: 1.0.2 + fixed_version: 1.0.3 + credit: 'Joseph Bisch' + description: 'NULL pointer dereference when receiving a DCC message without source nick/host' + - + cve: CVE-2017-9469 + exploitable_by: client + affected_versions: + from: '*' + to: 1.0.2 + fixed_version: 1.0.3 + credit: 'Joseph Bisch' + description: 'Out of bounds read when parsing incorrectly quoted DCC files' \ No newline at end of file -- cgit v1.2.3