- name: IRSSI-SA-2016
  release_date: 2016-09-14
  git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
  bugs:
    - name: CVE-2016-7044
      external_links:
              - id: CVE-2016-7044
                url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044
              - id: IRSSI-SA-2016
                url: https://irssi.org/security/irssi_sa_2016.txt
      exploitable_by: client
      affected_versions: 0.8.17-0.8.19 (with truecolor)
      fixed_version: 0.8.20
      release_date: 2016-09-14
      git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
      credit: Gabriel Campana and Adrien Guinet from Quarkslab
      description: |
              Remote crash and heap corruption in format parsing code

    - name: CVE-2016-7045
      external_links:
              - id: CVE-2016-7045
                url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045
              - id: IRSSI-SA-2016
                url: https://irssi.org/security/irssi_sa_2016.txt
      exploitable_by: client
      affected_versions: 0.8.17-0.8.19
      fixed_version: 0.8.20
      release_date: 2016-09-14
      git_commit: 295a4b77f07f14602eeaa371f00ddbf09910c82b
      credit: Gabriel Campana and Adrien Guinet from Quarkslab
      description: |
              Remote crash and heap corruption in format parsing code

- name: BUF-PL-SA-2016
  release_date: 2016-09-09
  git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
  bugs:
    - name: CVE-2016-7553
      external_links:
              - id: CVE-2016-7553
                url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
              - id: BUF-PL-SA-2016
                url: https://irssi.org/security/buf_pl_sa_2016.txt
      exploitable_by: local users
      affected_versions: "buf.pl *-2.13"
      fixed_version: buf.pl 2.20
      release_date: 2016-09-09
      repo: scripts.irssi.org
      git_commit: f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
      credit: Juerd Waalboer
      description: |
              Information disclosure vulnerability

- name: IRSSI-SA-2017-01
  release_date: 2017-01-05
  git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
  bugs:
    - name: CVE-2017-5193
      external_links:
              - id: CVE-2017-5193
                url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
              - id: IRSSI-SA-2017-01
                url: https://irssi.org/security/irssi_sa_2017_01.txt
      exploitable_by: server
      affected_versions: "*-0.8.20"
      fixed_version: 0.8.21
      release_date: 2017-01-05
      git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
      credit: Joseph Bisch
      description: |
              NULL pointer dereference in the nickcmp function

    - name: CVE-2017-5194
      external_links:
              - id: CVE-2017-5194
                url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
              - id: IRSSI-SA-2017-01
                url: https://irssi.org/security/irssi_sa_2017_01.txt
      exploitable_by: server
      affected_versions: "*-0.8.20"
      fixed_version: 0.8.21
      release_date: 2017-01-05
      git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
      credit: 
      description: |
              Use after free when receiving invalid nick message

    - name: CVE-2017-5195
      external_links:
              - id: CVE-2017-5195
                url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195
              - id: IRSSI-SA-2017-01
                url: https://irssi.org/security/irssi_sa_2017_01.txt
      exploitable_by: client
      affected_versions: 0.8.17-0.8.20
      fixed_version: 0.8.21
      release_date: 2017-01-05
      git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
      credit: Joseph Bisch
      description: |
              Out of bounds read in certain incomplete control codes

    - name: CVE-2017-5196
      external_links:
              - id: CVE-2017-5196
                url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
              - id: IRSSI-SA-2017-01
                url: https://irssi.org/security/irssi_sa_2017_01.txt
      exploitable_by: server
      affected_versions: 0.8.18-0.8.20
      fixed_version: 0.8.21
      release_date: 2017-01-05
      git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
      credit: Hanno Böck and independently by Joseph Bisch
      description: |
              Out of bounds read in certain incomplete character sequences

    - name: CVE-2017-5356
      external_links:
              - id: CVE-2017-5356
                url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356
              - id: IRSSI-SA-2017-01
                url: https://irssi.org/security/irssi_sa_2017_01.txt
      exploitable_by: local formats
      affected_versions: "*-0.8.20"
      fixed_version: 0.8.21
      release_date: 2017-01-05
      git_commit: 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
      credit: Hanno Böck
      description: |
              Out of bounds read when printing the value %[

- name: IRSSI-SA-2017-03
  release_date: 2017-03-10
  git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
  bugs:
    - name: CVE-2017-7191
      external_links:
              - id: CVE-2017-7191
                url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7191
              - id: IRSSI-SA-2017-03
                url: https://irssi.org/security/irssi_sa_2017_03.txt
      exploitable_by: server
      affected_versions: "1.0.0-1.0.1"
      fixed_version: 1.0.2
      release_date: 2017-03-10
      git_commit: 77b2631c78461965bc9a7414aae206b5c514e1b3
      credit: APic
      description: |
              Use after free while producing list of netjoins