blob: 8119fda6535dec1bc78bcbb6e83f56dcd26e2b81 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
---
layout: page
title: Security
permalink: /security/
categories: [ _nav ]
---
<table class="table">
<thead>
<tr class="text-nowrap">
<th>Release date</th>
<th>Links</th>
<th>Affected versions</th>
<th>Fixed in version</th>
<th>Exploitable by</th>
<th>Description</th>
<th>Credit</th>
</tr>
</thead>
<tbody>
{% assign items = site.data.security | sort %}
{% for item in items reversed %}
{% assign name = item[0] %}
{% assign values = item[1] %}
<tr>
<td class="text-nowrap">{{ values.release_date }}</td>
<td class="text-nowrap">
{% for link in values.external_links %}
<div><a href="{{ link.url }}">{{ link.id }}</a></div>
{% endfor %}
</td>
<td>{{ values.affected_versions }}</td>
<td>
{{ values.fixed_version }}
<a href="https://github.com/irssi/{% if values.repo %}{{ values.repo }}{% else %}irssi{% endif %}/commit/{{ values.git_commit }}">
(git)
</a>
</td>
<td>{{ values.exploitable_by }}</td>
<td>{{ values.description }}</td>
<td>{{ values.credit }}</td>
</tr>
{% endfor %}
</tbody>
</table>
<h2>Reference</h2>
<p>"Exploitable by" column:</p>
<ul>
<li>
<b>Server</b>: Triggered by malicious inputs sent by a server with complete control over the connection<br />
Example: malformed raw IRC commands
</li>
<li>
<b>Client</b>: Triggered by malicious inputs sent by remote clients with no privileges over the network<br />
Example: malformed color codes inside a message
</li>
<li>
<b>Local users</b>: Exploitable by unprivileged system users with access to the same filesystem<br />
Example: CVE-2016-7553 (buf.pl information disclosure)
</li>
<li>
<b>Local formats</b>: Exploitable through internal format codes used in themes and configs. These are not normally processed from the network but may be in combination with buggy scripts.<br />
Example: CVE-2017-5356 (Crash on <code>%[</code>)
</li>
</ul>
|