--- layout: page title: Security permalink: security/ categories: [ _nav ] --- {% assign advisories = site.data.security %} {% for advisory in advisories reversed %} {% for bug in advisory.bugs %} {% endfor %} {% endfor %}

Links		Exploitable	Versions affected			Fixed	Credit	Description
{% if advisory.link %}{{ advisory.name }}{% elsif advisory.name contains "-SA-" %}{{ advisory.name }}{% else %}{{ advisory.name }}{% endif %}			{% if advisory.affected_note %}{{ advisory.affected_note }}{% endif %}			{% if advisory.git_commit %}{{ advisory.release_date }}{% else %}{{ advisory.release_date }}{% endif %}
	{% if bug.name %} {% if bug.link %}{{ bug.name }}{% else %}{{ bug.name }}{% endif %} {% endif %} {% if bug.cve %} {{ bug.cve }} {% endif %} {% for link in bug.external_links %} {{ link.id }} {% endfor %}	{{ bug.exploitable_by }}	{% if bug.affected_note_top %}{{ bug.affected_note_top }}{% endif %}				{{ bug.credit }}	{{ bug.description }}
			{{ bug.affected_versions.from }}	–	{{ bug.affected_versions.to }}	{{ bug.fixed_version }}
			{% if bug.affected_note_bottom %}{{ bug.affected_note_bottom }}{% endif %}

Reference

"Exploitable by" column:

Server: Triggered by malicious inputs sent by a server with complete control over the connection
Example: malformed raw IRC commands
Client: Triggered by malicious inputs sent by remote clients with no privileges over the network
Example: malformed color codes inside a message
Local: Exploitable by unprivileged system users with access to the same filesystem
Example: CVE-2016-7553 (buf.pl information disclosure)
Formats: Exploitable through internal format codes used in themes and configs. These are not normally processed from the network but may be in combination with buggy scripts.
Example: CVE-2017-5356 (Crash on %[)