From ae980fc859d9c895f19a4a9011f5289e7b0a74a4 Mon Sep 17 00:00:00 2001 From: dequis Date: Mon, 5 Jun 2017 21:38:37 -0300 Subject: Merge all security data files to _data/security.yml for i in _data/security/*; do basename $i | sed -r 's/^(.*)\.yml/- name: \1/g'; cat $i | sed 's/^/ /'; echo; done > _data/security.yml --- _data/security.yml | 135 +++++++++++++++++++++++++++++++++++++++ _data/security/CVE-2016-7044.yml | 13 ---- _data/security/CVE-2016-7045.yml | 13 ---- _data/security/CVE-2016-7553.yml | 14 ---- _data/security/CVE-2017-5193.yml | 13 ---- _data/security/CVE-2017-5194.yml | 13 ---- _data/security/CVE-2017-5195.yml | 13 ---- _data/security/CVE-2017-5196.yml | 13 ---- _data/security/CVE-2017-5356.yml | 13 ---- _data/security/CVE-2017-7191.yml | 13 ---- 10 files changed, 135 insertions(+), 118 deletions(-) create mode 100644 _data/security.yml delete mode 100644 _data/security/CVE-2016-7044.yml delete mode 100644 _data/security/CVE-2016-7045.yml delete mode 100644 _data/security/CVE-2016-7553.yml delete mode 100644 _data/security/CVE-2017-5193.yml delete mode 100644 _data/security/CVE-2017-5194.yml delete mode 100644 _data/security/CVE-2017-5195.yml delete mode 100644 _data/security/CVE-2017-5196.yml delete mode 100644 _data/security/CVE-2017-5356.yml delete mode 100644 _data/security/CVE-2017-7191.yml (limited to '_data')
diff --git a/_data/security.yml b/_data/security.yml
new file mode 100644
index 0000000..39b7326
--- /dev/null
+++ b/_data/security.yml
@@ -0,0 +1,135 @@
+- name: CVE-2016-7044
+ external_links:
+ - id: CVE-2016-7044
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044
+ - id: IRSSI-SA-2016
+ url: https://irssi.org/security/irssi_sa_2016.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.19 (with truecolor)
+ fixed_version: 0.8.20
+ release_date: 2016-09-14
+ git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
+ credit: Gabriel Campana and Adrien Guinet from Quarkslab
+ description: |
+ Remote crash and heap corruption in format parsing code
+
+- name: CVE-2016-7045
+ external_links:
+ - id: CVE-2016-7045
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045
+ - id: IRSSI-SA-2016
+ url: https://irssi.org/security/irssi_sa_2016.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.19
+ fixed_version: 0.8.20
+ release_date: 2016-09-14
+ git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
+ credit: Gabriel Campana and Adrien Guinet from Quarkslab
+ description: |
+ Remote crash and heap corruption in format parsing code
+
+- name: CVE-2016-7553
+ external_links:
+ - id: CVE-2016-7553
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
+ - id: BUF-PL-SA-2016
+ url: https://irssi.org/security/buf_pl_sa_2016.txt
+ exploitable_by: local users
+ affected_versions: "buf.pl *-2.13"
+ fixed_version: buf.pl 2.20
+ release_date: 2016-09-09
+ repo: scripts.irssi.org
+ git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
+ credit: Juerd Waalboer
+ description: |
+ Information disclosure vulnerability
+
+- name: CVE-2017-5193
+ external_links:
+ - id: CVE-2017-5193
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Joseph Bisch
+ description: |
+ NULL pointer dereference in the nickcmp function
+
+- name: CVE-2017-5194
+ external_links:
+ - id: CVE-2017-5194
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit:
+ description: |
+ Use after free when receiving invalid nick message
+
+- name: CVE-2017-5195
+ external_links:
+ - id: CVE-2017-5195
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: client
+ affected_versions: 0.8.17-0.8.20
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Joseph Bisch
+ description: |
+ Out of bounds read in certain incomplete control codes
+
+- name: CVE-2017-5196
+ external_links:
+ - id: CVE-2017-5196
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: server
+ affected_versions: 0.8.18-0.8.20
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Hanno Böck and independently by Joseph Bisch
+ description: |
+ Out of bounds read in certain incomplete character sequences
+
+- name: CVE-2017-5356
+ external_links:
+ - id: CVE-2017-5356
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356
+ - id: IRSSI-SA-2017-01
+ url: https://irssi.org/security/irssi_sa_2017_01.txt
+ exploitable_by: local formats
+ affected_versions: "*-0.8.20"
+ fixed_version: 0.8.21
+ release_date: 2017-01-05
+ git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ credit: Hanno Böck
+ description: |
+ Out of bounds read when printing the value %[
+
+- name: CVE-2017-7191
+ external_links:
+ - id: CVE-2017-7191
+ url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191
+ - id: IRSSI-SA-2017-03
+ url: https://irssi.org/security/irssi_sa_2017_03.txt
+ exploitable_by: server
+ affected_versions: "1.0.0-1.0.1"
+ fixed_version: 1.0.2
+ release_date: 2017-03-10
+ git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
+ credit: APic
+ description: |
+ Use after free while producing list of netjoins
diff --git a/_data/security/CVE-2016-7044.yml b/_data/security/CVE-2016-7044.yml
deleted file mode 100644
index 60ab416..0000000
--- a/_data/security/CVE-2016-7044.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-external_links:
- - id: CVE-2016-7044
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044
- - id: IRSSI-SA-2016
- url: https://irssi.org/security/irssi_sa_2016.txt
-exploitable_by: client
-affected_versions: 0.8.17-0.8.19 (with truecolor)
-fixed_version: 0.8.20
-release_date: 2016-09-14
-git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
-credit: Gabriel Campana and Adrien Guinet from Quarkslab
-description: |
- Remote crash and heap corruption in format parsing code
diff --git a/_data/security/CVE-2016-7045.yml b/_data/security/CVE-2016-7045.yml
deleted file mode 100644
index 6f03346..0000000
--- a/_data/security/CVE-2016-7045.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-external_links:
- - id: CVE-2016-7045
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045
- - id: IRSSI-SA-2016
- url: https://irssi.org/security/irssi_sa_2016.txt
-exploitable_by: client
-affected_versions: 0.8.17-0.8.19
-fixed_version: 0.8.20
-release_date: 2016-09-14
-git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
-credit: Gabriel Campana and Adrien Guinet from Quarkslab
-description: |
- Remote crash and heap corruption in format parsing code
diff --git a/_data/security/CVE-2016-7553.yml b/_data/security/CVE-2016-7553.yml
deleted file mode 100644
index aa95539..0000000
--- a/_data/security/CVE-2016-7553.yml
+++ /dev/null
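Review bot: In the new `_data/security.yml`, version fields are quoted inconsistently: `affected_versions: "1.0.0-1.0.1"` is quoted while `fixed_version: 1.0.2` and `affected_versions: 0.8.17-0.8.19` are plain scalars. These load as strings today only because they contain two dots or a dash; a later two-component entry such as `fixed_version: 1.1` would load as a float and the advisory list would misreport the fixed release, so I would quote every `affected_versions` and `fixed_version` value, e.g. `fixed_version: "1.0.2"`. The bare `credit:` under CVE-2017-5194 loads as null; `credit: null` or omitting the key makes that explicit, assuming the page template handles a missing credit. The unquoted `release_date` values will presumably load as date objects rather than text, which is worth confirming against the template since it is not visible here.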
@@ -1,14 +0,0 @@
-external_links:
- - id: CVE-2016-7553
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
- - id: BUF-PL-SA-2016
- url: https://irssi.org/security/buf_pl_sa_2016.txt
-exploitable_by: local users
-affected_versions: "buf.pl *-2.13"
-fixed_version: buf.pl 2.20
-release_date: 2016-09-09
-repo: scripts.irssi.org
-git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
-credit: Juerd Waalboer
-description: |
- Information disclosure vulnerability
diff --git a/_data/security/CVE-2017-5193.yml b/_data/security/CVE-2017-5193.yml
deleted file mode 100644
index c419842..0000000
--- a/_data/security/CVE-2017-5193.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-external_links:
- - id: CVE-2017-5193
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
-exploitable_by: server
-affected_versions: "*-0.8.20"
-fixed_version: 0.8.21
-release_date: 2017-01-05
-git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
-credit: Joseph Bisch
-description: |
- NULL pointer dereference in the nickcmp function
diff --git a/_data/security/CVE-2017-5194.yml b/_data/security/CVE-2017-5194.yml
deleted file mode 100644
index 53b60ef..0000000
--- a/_data/security/CVE-2017-5194.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-external_links:
- - id: CVE-2017-5194
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
-exploitable_by: server
-affected_versions: "*-0.8.20"
-fixed_version: 0.8.21
-release_date: 2017-01-05
-git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
-credit:
-description: |
- Use after free when receiving invalid nick message
diff --git a/_data/security/CVE-2017-5195.yml b/_data/security/CVE-2017-5195.yml
deleted file mode 100644
index 8d9cb67..0000000
--- a/_data/security/CVE-2017-5195.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-external_links:
- - id: CVE-2017-5195
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
-exploitable_by: client
-affected_versions: 0.8.17-0.8.20
-fixed_version: 0.8.21
-release_date: 2017-01-05
-git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
-credit: Joseph Bisch
-description: |
- Out of bounds read in certain incomplete control codes
diff --git a/_data/security/CVE-2017-5196.yml b/_data/security/CVE-2017-5196.yml
deleted file mode 100644
index 1ada2a2..0000000
--- a/_data/security/CVE-2017-5196.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-external_links:
- - id: CVE-2017-5196
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
-exploitable_by: server
-affected_versions: 0.8.18-0.8.20
-fixed_version: 0.8.21
-release_date: 2017-01-05
-git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
-credit: Hanno Böck and independently by Joseph Bisch
-description: |
- Out of bounds read in certain incomplete character sequences
diff --git a/_data/security/CVE-2017-5356.yml b/_data/security/CVE-2017-5356.yml
deleted file mode 100644
index 5f017e7..0000000
--- a/_data/security/CVE-2017-5356.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-external_links:
- - id: CVE-2017-5356
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356
- - id: IRSSI-SA-2017-01
- url: https://irssi.org/security/irssi_sa_2017_01.txt
-exploitable_by: local formats
-affected_versions: "*-0.8.20"
-fixed_version: 0.8.21
-release_date: 2017-01-05
-git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
-credit: Hanno Böck
-description: |
- Out of bounds read when printing the value %[
diff --git a/_data/security/CVE-2017-7191.yml b/_data/security/CVE-2017-7191.yml
deleted file mode 100644
index b6417ad..0000000
--- a/_data/security/CVE-2017-7191.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-external_links:
- - id: CVE-2017-7191
- url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191
- - id: IRSSI-SA-2017-03
- url: https://irssi.org/security/irssi_sa_2017_03.txt
-exploitable_by: server
-affected_versions: "1.0.0-1.0.1"
-fixed_version: 1.0.2
-release_date: 2017-03-10
-git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
-credit: APic
-description: |
- Use after free while producing list of netjoins
-- cgit v1.2.3