From a1173885097328f366e81e8a7ec5e8da4afc05c3 Mon Sep 17 00:00:00 2001
From: Joseph Bisch
Date: Tue, 6 Jun 2017 22:37:34 -0400
Subject: security: group bugs by advisory
---
 _data/security.yml | 254 ++++++++++++++++++++++++++++-------------------------
 1 file changed, 135 insertions(+), 119 deletions(-)
(limited to '_data')
diff --git a/_data/security.yml b/_data/security.yml
index 39b7326..d4352b8 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -1,135 +1,151 @@
-- name: CVE-2016-7044
- external_links:
- - id: CVE-2016-7044
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044
- - id: IRSSI-SA-2016
- url: https://irssi.org/security/irssi_sa_2016.txt
- exploitable_by: client
- affected_versions: 0.8.17-0.8.19 (with truecolor)
- fixed_version: 0.8.20
+- name: IRSSI-SA-2016
 release_date: 2016-09-14
 git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
- credit: Gabriel Campana and Adrien Guinet from Quarkslab
- description: |
- Remote crash and heap corruption in format parsing code
+ bugs:
+ - name: CVE-2016-7044
+ external_links:
+ - id: CVE-2016-7044
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044
+ - id: IRSSI-SA-2016
+ url: https://irssi.org/security/irssi_sa_2016.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.19 (with truecolor)
+ fixed_version: 0.8.20
+ release_date: 2016-09-14
+ git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
+ credit: Gabriel Campana and Adrien Guinet from Quarkslab
+ description: |
+ Remote crash and heap corruption in format parsing code
-- name: CVE-2016-7045
- external_links:
- - id: CVE-2016-7045
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045
- - id: IRSSI-SA-2016
- url: https://irssi.org/security/irssi_sa_2016.txt
- exploitable_by: client
- affected_versions: 0.8.17-0.8.19
- fixed_version: 0.8.20
- release_date: 2016-09-14
- git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
- credit: Gabriel Campana and Adrien Guinet from Quarkslab
- description: |
- Remote crash and heap corruption in format parsing code
+ - name: CVE-2016-7045
+ external_links:
+ - id: CVE-2016-7045
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045
+ - id: IRSSI-SA-2016
+ url: https://irssi.org/security/irssi_sa_2016.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.19
+ fixed_version: 0.8.20
+ release_date: 2016-09-14
+ git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
+ credit: Gabriel Campana and Adrien Guinet from Quarkslab
+ description: |
+ Remote crash and heap corruption in format parsing code
-- name: CVE-2016-7553
- external_links:
- - id: CVE-2016-7553
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
- - id: BUF-PL-SA-2016
- url: https://irssi.org/security/buf_pl_sa_2016.txt
- exploitable_by: local users
- affected_versions: "buf.pl *-2.13"
- fixed_version: buf.pl 2.20
+- name: BUF-PL-SA-2016
 release_date: 2016-09-09
- repo: scripts.irssi.org
 git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
- credit: Juerd Waalboer
- description: |
- Information disclosure vulnerability
+ bugs:
+ - name: CVE-2016-7553
+ external_links:
+ - id: CVE-2016-7553
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
+ - id: BUF-PL-SA-2016
+ url: https://irssi.org/security/buf_pl_sa_2016.txt
+ exploitable_by: local users
+ affected_versions: "buf.pl *-2.13"
+ fixed_version: buf.pl 2.20
+ release_date: 2016-09-09
+ repo: scripts.irssi.org
+ git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
+ credit: Juerd Waalboer
+ description: |
+ Information disclosure vulnerability
-- name: CVE-2017-5193
- external_links:
- - id: CVE-2017-5193
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
- exploitable_by: server
- affected_versions: "*-0.8.20"
- fixed_version: 0.8.21
+- name: IRSSI-SA-2017-01
 release_date: 2017-01-05
 git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
- credit: Joseph Bisch
- description: |
- NULL pointer dereference in the nickcmp function
+ bugs:
+ - name: CVE-2017-5193
+ external_links:
+ - id: CVE-2017-5193
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Joseph Bisch
+ description: |
+ NULL pointer dereference in the nickcmp function
-- name: CVE-2017-5194
- external_links:
- - id: CVE-2017-5194
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
- exploitable_by: server
- affected_versions: "*-0.8.20"
- fixed_version: 0.8.21
- release_date: 2017-01-05
- git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
- credit:
- description: |
- Use after free when receiving invalid nick message
+ - name: CVE-2017-5194
+ external_links:
+ - id: CVE-2017-5194
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit:
+ description: |
+ Use after free when receiving invalid nick message
-- name: CVE-2017-5195
- external_links:
- - id: CVE-2017-5195
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
- exploitable_by: client
- affected_versions: 0.8.17-0.8.20
- fixed_version: 0.8.21
- release_date: 2017-01-05
- git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
- credit: Joseph Bisch
- description: |
- Out of bounds read in certain incomplete control codes
+ - name: CVE-2017-5195
+ external_links:
+ - id: CVE-2017-5195
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.20
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Joseph Bisch
+ description: |
+ Out of bounds read in certain incomplete control codes
-- name: CVE-2017-5196
- external_links:
- - id: CVE-2017-5196
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
- exploitable_by: server
- affected_versions: 0.8.18-0.8.20
- fixed_version: 0.8.21
- release_date: 2017-01-05
- git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
- credit: Hanno Böck and independently by Joseph Bisch
- description: |
- Out of bounds read in certain incomplete character sequences
+ - name: CVE-2017-5196
+ external_links:
+ - id: CVE-2017-5196
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: 0.8.18-0.8.20
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Hanno Böck and independently by Joseph Bisch
+ description: |
+ Out of bounds read in certain incomplete character sequences
-- name: CVE-2017-5356
- external_links:
- - id: CVE-2017-5356
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
- exploitable_by: local formats
- affected_versions: "*-0.8.20"
- fixed_version: 0.8.21
- release_date: 2017-01-05
- git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
- credit: Hanno Böck
- description: |
- Out of bounds read when printing the value %[
+ - name: CVE-2017-5356
+ external_links:
+ - id: CVE-2017-5356
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: local formats
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Hanno Böck
+ description: |
+ Out of bounds read when printing the value %[
-- name: CVE-2017-7191
- external_links:
- - id: CVE-2017-7191
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191
- - id: IRSSI-SA-2017-03
- url: https://irssi.org/security/irssi_sa_2017_03.txt
- exploitable_by: server
- affected_versions: "1.0.0-1.0.1"
- fixed_version: 1.0.2
+- name: IRSSI-SA-2017-03
 release_date: 2017-03-10
 git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
- credit: APic
- description: |
- Use after free while producing list of netjoins
+ bugs:
+ - name: CVE-2017-7191
+ external_links:
+ - id: CVE-2017-7191
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191
+ - id: IRSSI-SA-2017-03
+ url: https://irssi.org/security/irssi_sa_2017_03.txt
+ exploitable_by: server
+ affected_versions: "1.0.0-1.0.1"
+ fixed_version: 1.0.2
+ release_date: 2017-03-10
+ git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
+ credit: APic
+ description: |
+ Use after free while producing list of netjoins
-- 
cgit v1.2.3
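Review bot: For BUF-PL-SA-2016 the advisory-level entry keeps `git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a`, but `repo: scripts.irssi.org` is removed there and re-added only on the nested CVE-2016-7553 bug, so anything that builds a commit link from the advisory-level fields would presumably resolve that hash against the default repository. Keep `repo: scripts.irssi.org` beside the advisory-level `git_commit` as well, or drop the advisory-level `git_commit` and read it from the bugs. The same duplication affects every advisory: `release_date` and `git_commit` now exist on the advisory and again on each entry under `bugs:`, with nothing saying which copy is authoritative, so a later edit can leave an advisory and its CVEs disagreeing about the fixing commit; a header comment such as `# advisory-level release_date/git_commit are authoritative; per-bug copies must match` would settle it. The templates that consume this data are not part of the commit as shown, so the rendering impact is inferred.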