---
- name: IRSSI-SA-2016
  release_date: 2016-09-14
  git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
  bugs:
    - cve: CVE-2016-7044
      exploitable_by: client
      important: True
      affected_versions:
        from: 0.8.17
        to: 0.8.19
      affected_note_bottom: '(with truecolor)'
      fixed_version: 0.8.20
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: 'Remote crash and heap corruption in format parsing code'
    - cve: CVE-2016-7045
      exploitable_by: client
      important: True
      affected_versions:
        from: 0.8.17
        to: 0.8.19
      fixed_version: 0.8.20
      credit: 'Gabriel Campana and Adrien Guinet from Quarkslab'
      description: 'Remote crash and heap corruption in format parsing code'

- name: BUF-PL-SA-2016
  affected_note: buf.pl
  release_date: 2016-09-09
  git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
  repo: scripts.irssi.org
  bugs:
    - cve: CVE-2016-7553
      exploitable_by: local
      affected_versions:
        from: '*'
        to: '2.13'
      fixed_version: '2.20'
      credit: 'Juerd Waalboer'
      description: 'Information disclosure vulnerability'

- name: IRSSI-SA-2017-01
  release_date: 2017-01-05
  git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
  bugs:
    - cve: CVE-2017-5193
      exploitable_by: server
      affected_versions:
        from: '*'
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Joseph Bisch'
      description: 'NULL pointer dereference in the nickcmp function'
    - cve: CVE-2017-5194
      exploitable_by: server
      affected_versions:
        from: '*'
        to: 0.8.20
      fixed_version: 0.8.21
      credit: ~
      description: 'Use after free when receiving invalid nick message'
    - cve: CVE-2017-5356
      exploitable_by: formats
      affected_versions:
        from: '*'
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Hanno Böck'
      description: 'Out of bounds read when printing the value %['
    - cve: CVE-2017-5195
      exploitable_by: client
      affected_versions:
        from: 0.8.17
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Joseph Bisch'
      description: 'Out of bounds read in certain incomplete control codes'
    - cve: CVE-2017-5196
      exploitable_by: server
      affected_versions:
        from: 0.8.18
        to: 0.8.20
      fixed_version: 0.8.21
      credit: 'Hanno Böck and independently by Joseph Bisch'
      description: 'Out of bounds read in certain incomplete character sequences'

- name: IRSSI-SA-2017-03
  release_date: 2017-03-10
  git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
  bugs:
    - cve: CVE-2017-7191
      exploitable_by: server
      important: True
      affected_versions:
        from: 1.0.0
        to: 1.0.1
      fixed_version: 1.0.2
      credit: APic
      description: 'Use after free while producing list of netjoins'

- name: IRSSI-SA-2017-06
  release_date: 2017-06-06
  git_commit: fb08fc7f1aa6b2e616413d003bf021612301ad55
  bugs:
    - cve: CVE-2017-9468
      exploitable_by: server
      affected_versions:
        from: '*'
        to: 1.0.2
      fixed_version: 1.0.3
      credit: 'Joseph Bisch'
      description: 'NULL pointer dereference when receiving a DCC message without source nick/host'
    - cve: CVE-2017-9469
      exploitable_by: client
      affected_versions:
        from: '*'
        to: 1.0.2
      fixed_version: 1.0.3
      credit: 'Joseph Bisch'
      description: 'Out of bounds read when parsing incorrectly quoted DCC files'