--- layout: page title: Security permalink: security/ --- Please report security issues to staff@irssi.org. Thanks!

Past issues overview

{% assign advisories = site.data.security | concat: site.security %}{% assign lttrs = 'abcdefghijklmn' | split: '' %}{% for advisory in advisories reversed %} {% for bug in advisory.bugs %} {% if bug.affected_note_top %}{% else %} {% endif %} {% if bug.affected_note_top %} {% else %} {% endif %} {% if bug.affected_note_top %} {% endif %} {% endfor %} {% endfor %}

Links		Exploitable	Versions affected			Fixed	Credit	Description
{% if advisory.link %}{{ advisory.name }}{% elsif advisory.name contains "-SA-" %}{{ advisory.name }}{% else %}{{ advisory.name }}{% endif %}			{% if advisory.affected_note %}{{ advisory.affected_note }}{% endif %}			{% if advisory.git_commit %}{{ advisory.release_date }}{% else %}{{ advisory.release_date }}{% endif %}
	{% if bug.name %} {% if bug.link %}{{ bug.name }}{% else %}{{ bug.name }}{% endif %} {% endif %} {% if bug.cve %} {{ bug.cve }} {% endif %} {% unless bug.cve %}{% unless bug.name %}{% unless bug.external_links %}({{lttrs[forloop.index0]}}){% endunless %}{% endunless %}{% endunless %} {% for link in bug.external_links %} {{ link.id }} {% endfor %}	{{ bug.exploitable_by }}	{{ bug.affected_note_top }}				{% if bug.affected_versions.from %}{{ bug.affected_versions.from \| join: " " }}{% else %}*{% endif %}	{% if bug.affected_versions.to %}–{% endif %}	{{ bug.affected_versions.to \| join: " "}}	{% if bug.git_commit %}{{ bug.fixed_version }}{% else %}{{ bug.fixed_version \| join: " " }}{% endif %}	{{ bug.credit }}	{{ bug.description }}
			{% if bug.affected_versions.from %}{{ bug.affected_versions.from }}{% else %}*{% endif %}	{% if bug.affected_versions.to %}–{% endif %}	{{ bug.affected_versions.to }}	{% if bug.git_commit %}{{ bug.fixed_version }}{% else %}{{ bug.fixed_version }}{% endif %}	{% if bug.affected_note_bottom %}{{ bug.affected_note_bottom }}{% endif %}
			{% if bug.affected_note_bottom %}{{ bug.affected_note_bottom }}{% endif %}

Reference

"Exploitable by" column:

Server: Triggered by malicious inputs sent by a server with complete control over the connection
Example: malformed raw IRC commands
Client: Triggered by malicious inputs sent by remote clients with no privileges over the network
Example: malformed color codes inside a message
Local: Exploitable by unprivileged system users with access to the same filesystem
Example: CVE-2016-7553 (buf.pl information disclosure)
Formats: Exploitable through internal format codes used in themes and configs. These are not normally processed from the network but may be in combination with buggy scripts.
Example: CVE-2017-5356 (Crash on %[)