Remote crash in gaim-text

Richard Nelson wabz at
Tue Mar 6 05:03:00 EST 2007

On Tuesday 06 March 2007 18:09, Mark Doliner wrote:
> Unless someone objects, wabz, do you think you could write up some info on
> the vulnerability?  

I'll reply now because my mails to cabal still appear to be grey-listed for a 
very long time (is there a way for me to tell if this is my ISP's fault?).

Title: gaim-text format string bug
Summary: Carefully crafted strings supplied by remote users can cause the 
client to crash or possibly lead to remote code execution.
Description: Several gnt widgets used the ncurses library function mvwprintw 
with format strings supplied by gaim-text, which could be supplied by remote 
Fix: All instances of mvwprintw with only 4 arguments were changed to 

> How does this sound:  We check in a fix to MTN as soon as possible  We hold
> off on checking a fix into Subversion so as to avoid people noticing the
> bug (unless the fix is already been checked in?).  

Yeah, the fix is currently in mtn (rev f59170f3) and not svn.

-- Richard Nelson

More information about the Cabal mailing list