From a29ad0fceae2fd65bbb09881cdcb3092f763fbdc Mon Sep 17 00:00:00 2001
From: Ailin Nemui
Date: Fri, 9 Jun 2017 11:21:49 +0200
Subject: document how to use the security.yml
---
 _data/security.yml | 55 +++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 38 insertions(+), 17 deletions(-)
(limited to '_data')
diff --git a/_data/security.yml b/_data/security.yml
index f229a7c..bf7f51f 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -1,4 +1,41 @@
 ---
+# -
+# name: Name of the bug group / security advisory, ex: IRSSI-SA-2099-01
+# link: link to the advisory, ex: http://www.openwall.com/xxx (optional)
+# affected_note: Some additional info for the Versions column, ex: script.pl if group affects only a single script (optional)
+# release_date: date of release in YYYY-mm-dd format, ex: 2099-01-02
+# repo: repository for the git commit, ex: scripts.irssi.org (optional, defaults to irssi)
+# git_commit: git commit for the whole advisory (optional)
+# # List of bugs
+# bugs:
+# -
+# cve: CVE of bug, ex: CVE-2099-0999 (optional)
+# name: name for the bug (in reference to the group), ex: (a) (optional)
+# link: link to more information about the bug (optional)
+# important: when True, will highlight the row in yellow (optional)
+# # additional external links to display in the first column (optional)
+# external_links:
+# -
+# id: text for the link
+# url: href for the link
+# -
+# # add more links here...
+# exploitable_by: one of server/client/local/formats/local (remote)/remote
+# affected_note_top: some remark to show on a row before the versions (optional)
+# # which versions are affected
+# affected_versions:
+# from: first version affected
+# to: last version affected
+# affected_note_bottom: some remarks to show below the versions, ex: only with compile flags xxx
+# fixed_version: first version with the fix
+# repo: repository for the git commit, ex: scripts.irssi.org (optional, defaults to irssi)
+# git_commit: git commit of the individual bug fix (optional)
+# credit: whom to credit for the discovery
+# description: Content of the description column
+# -
+# # add the next bug here...
+# -
+# # Add the next bug group / security advisory here...
 -
 name: Historic
 bugs:
@@ -6,7 +43,6 @@
 cve: CVE-2002-0983
 exploitable_by: client
 affected_versions:
- from: '*'
 to: 0.8.4
 fixed_version: 0.8.6
 git_commit: b9b0917897bd3b78d105c3229deb390daa204cdd
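Review bot: The template documents `from` as "first version affected" and `to` as "last version affected", yet the same commit deletes `from: '*'` from most entries and deletes `to:` from the entries that name a single release (0.8.4, 0.8.9+, 1.0.0), so both keys are now optional with an implied meaning the comment never states. Readers use the Versions column to decide whether their build is exposed, so the rules for an absent key belong in the template, e.g. `#   from: first version affected (optional; omit when every release up to 'to' is affected)` and `#   to: last version affected (optional; omit when only the release in 'from' is affected)` — the second reading is inferred from the removals and should be confirmed against the page renderer. It would also help to say whether the bounds are inclusive, since 0.8.4 is the `to` of CVE-2002-0983 and the `from` of the backdoored-download entry in the following hunk.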
@@ -19,7 +55,6 @@
 important: True
 affected_versions:
 from: 0.8.4
- to: 0.8.4
 affected_note_bottom: 'downloaded after 2002-03-14'
 description: |
 The download server was compromised and the download was backdoored, which allows remote attackers to access the system. Always check the GPG signature!
@@ -31,7 +66,6 @@
 cve: CVE-2003-1020
 exploitable_by: client
 affected_versions:
- from: '*'
 to: 0.8.8
 fixed_version: 0.8.9
 git_commit: ae7f177fb0ac0732239d3ff1b8dd208a31a7354d
@@ -47,7 +81,6 @@
 exploitable_by: client
 affected_versions:
 from: 0.8.9+
- to: 0.8.9+
 fixed_version: 0.8.10
 git_commit: 6d42a00287ff144c5c597b5da158961e0c22847d
 description: |
@@ -60,7 +93,6 @@
 cve: CVE-2007-4396
 exploitable_by: local (remote)
 affected_versions:
- from: '*'
 to: 0.8.10
 fixed_version: 0.8.11
 git_commit: f0fb4c19d45e25fddee76e7c442b1e900666cd0c
@@ -75,7 +107,6 @@
 cve: CVE-2009-1959
 exploitable_by: client
 affected_versions:
- from: '*'
 to: 0.8.13
 fixed_version: 0.8.14
 git_commit: 1f9c560a7408bf5550e030b5ac0c07dad5435eb1
@@ -89,7 +120,6 @@
 -
 cve: CVE-2010-1155
 affected_versions:
- from: '*'
 to: 0.8.14
 fixed_version: 0.8.15
 git_commit: bb4ce4562bd04eeb24a5953dd8da5c843c04e328
@@ -99,7 +129,6 @@
 cve: CVE-2010-1156
 exploitable_by: client
 affected_versions:
- from: '*'
 to: 0.8.14
 fixed_version: 0.8.15
 git_commit: 1aa10ece887afd5d64eca1211aeced6cab310680
@@ -143,7 +172,6 @@
 cve: CVE-2016-7553
 exploitable_by: local
 affected_versions:
- from: '*'
 to: '2.13'
 fixed_version: '2.20'
 credit: 'Juerd Waalboer'
@@ -157,7 +185,6 @@
 cve: CVE-2017-5193
 exploitable_by: server
 affected_versions:
- from: '*'
 to: 0.8.20
 fixed_version: 0.8.21
 credit: 'Joseph Bisch'
@@ -166,7 +193,6 @@
 cve: CVE-2017-5194
 exploitable_by: server
 affected_versions:
- from: '*'
 to: 0.8.20
 fixed_version: 0.8.21
 credit: ~
@@ -175,7 +201,6 @@
 cve: CVE-2017-5356
 exploitable_by: formats
 affected_versions:
- from: '*'
 to: 0.8.20
 fixed_version: 0.8.21
 credit: 'Hanno Böck'
@@ -208,7 +233,6 @@
 exploitable_by: server
 affected_versions:
 from: 1.0.0
- to: 1.0.0
 fixed_version: 1.0.1
 credit: 'Joseph Bisch'
 description: 'Memory leak in some cases where a hostile server would send certain incomplete SASL replies'
@@ -217,7 +241,6 @@
 name: '(b)'
 exploitable_by: '-'
 affected_versions:
- from: '*'
 to: 1.0.0
 fixed_version: 1.0.1
 credit: 'Hanno Böck'
@@ -247,7 +270,6 @@
 cve: CVE-2017-9468
 exploitable_by: server
 affected_versions:
- from: '*'
 to: 1.0.2
 fixed_version: 1.0.3
 credit: 'Joseph Bisch'
@@ -256,8 +278,7 @@
 cve: CVE-2017-9469
 exploitable_by: client
 affected_versions:
- from: '*'
 to: 1.0.2
 fixed_version: 1.0.3
 credit: 'Joseph Bisch'
- description: 'Out of bounds read when parsing incorrectly quoted DCC files'
\ No newline at end of file
+ description: 'Out of bounds read when parsing incorrectly quoted DCC files'
-- cgit v1.2.3
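Review bot: `exploitable_by: '-'` on the `(b)` entry is not one of the values the new template enumerates (`server/client/local/formats/local (remote)/remote`), and `credit: ~` in the CVE-2017-5194 hunk above likewise has no documented meaning, so the template and the data it describes disagree from the commit that introduces it. Either document the placeholders in the template — e.g. `#   exploitable_by: one of server/client/local/formats/local (remote)/remote, or '-' when not applicable` and `#   credit: whom to credit for the discovery (~ when nobody is credited)` — or normalise these entries to a listed value; which of the two is intended cannot be told from the data alone. The attack-vector column is what a reader checks to judge exposure, so an undocumented dash there is worth a sentence.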