From aa3679cf00f9a46c1c2584f35dc955787d25c8ea Mon Sep 17 00:00:00 2001
From: Ailin Nemui
Date: Sat, 6 Jan 2018 15:06:19 +0100
Subject: Release Irssi 1.0.6
---
 _data/sb_whatsnew.yml | 2 +-
 _data/security.yml | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
(limited to '_data')
diff --git a/_data/sb_whatsnew.yml b/_data/sb_whatsnew.yml
index 37e04f7..41ec6dc 100644
--- a/_data/sb_whatsnew.yml
+++ b/_data/sb_whatsnew.yml
@@ -1,5 +1,5 @@
 -
- key: irssi-1.0.5-released
+ key: irssi-1.0.6-released
 tag: Security
 -
 key: fuzzing-irssi
diff --git a/_data/security.yml b/_data/security.yml
index e16eb67..49671b0 100644
--- a/_data/security.yml
+++ b/_data/security.yml
@@ -321,3 +321,39 @@
 fixed_version: 1.0.5
 credit: 'Joseph Bisch'
 description: 'Read beyond end of buffer may occur if a Safe channel ID is not long enough'
+-
+ name: IRSSI-SA-2018-01
+ release_date: 2018-01-07
+ bugs:
+ -
+ cve: CVE-2018-5206
+ exploitable_by: server
+ affected_versions:
+ to: 1.0.5
+ fixed_version: 1.0.6
+ credit: 'Joseph Bisch'
+ description: 'When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer.'
+ -
+ cve: CVE-2018-5205
+ exploitable_by: formats
+ affected_versions:
+ to: 1.0.5
+ fixed_version: 1.0.6
+ credit: 'Joseph Bisch'
+ description: 'When using incomplete escape codes, Irssi may access data beyond the end of the string.'
+ -
+ cve: CVE-2018-5208
+ exploitable_by: server
+ affected_versions:
+ to: 1.0.5
+ fixed_version: 1.0.6
+ credit: 'Joseph Bisch'
+ description: 'A calculation error in the completion code could cause a heap buffer overflow when completing certain strings.'
+ -
+ cve: CVE-2018-5207
+ exploitable_by: formats
+ affected_versions:
+ to: 1.0.5
+ fixed_version: 1.0.6
+ credit: 'Joseph Bisch'
+ description: 'When using an incomplete variable argument, Irssi may access data beyond the end of the string.'
--
cgit v1.2.3
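Review bot: The `description` values added for CVE-2018-5205 and CVE-2018-5207 in `_data/security.yml` say Irssi "may access data beyond the end of the string" without stating whether the access is a read or a write, which is what a reader triaging the advisory needs to know first. The entry just above the added block says "Read beyond end of buffer" outright; if these two are also over-reads (not confirmable from the hunk), the same wording would fit, e.g. `description: 'When using incomplete escape codes, Irssi may read data beyond the end of the string.'`. Likewise the CVE-2018-5208 entry is marked `exploitable_by: server` but its description does not say which server-supplied data reaches the completion code; one clause naming it would let users judge their exposure. The advisory list starts outside this hunk, so the full set of fields each entry may carry is not visible here.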