{"affected":[{"ecosystem_specific":{"binaries":[{"irssi":"1.0.6-36.1","irssi-devel":"1.0.6-36.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"irssi","purl":"pkg:rpm/suse/irssi&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.6-36.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for irssi to version 1.0.6 fixes several issues that may affect the stability of irssi:\n\n- CVE-2018-5205: Data access beyond the end of the string when using incomplete escape codes\n- CVE-2018-5206: NULL pointer dereference when the channel topic is set without specifying a sender\n- CVE-2018-5207: When using an incomplete variable argument, Irssi may access data beyond the end of the string\n- CVE-2018-5208: Heap buffer overflow when completing certain strings\n","id":"openSUSE-SU-2018:0057-1","modified":"2018-01-09T17:57:14Z","published":"2018-01-09T17:57:14Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1074958"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5205"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5206"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5207"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5208"}],"related":["CVE-2018-5205","CVE-2018-5206","CVE-2018-5207","CVE-2018-5208"],"summary":"Security update for irssi","upstream":["CVE-2018-5205","CVE-2018-5206","CVE-2018-5207","CVE-2018-5208"]}