im.pidgin.www: 4c1b90454ae2eacb981a9b8af8439228349e44b4

rekkanoryo at cpw.pidgin.im rekkanoryo at cpw.pidgin.im
Wed Oct 24 14:20:38 EDT 2007


-----------------------------------------------------------------
Revision: 4c1b90454ae2eacb981a9b8af8439228349e44b4
Ancestor: 28673fdd5388a7a8d27ea3ee72ccc908063b07b6
Author: rekkanoryo at cpw.pidgin.im
Date: 2007-10-24T18:14:04
Branch: im.pidgin.www

Modified files:
        htdocs/news/security/index.php

ChangeLog: 

Update for the most recent vulnerability

-------------- next part --------------
============================================================
--- htdocs/news/security/index.php	b57c9d5a45b5e318f8e0459ca772e071778fae69
+++ htdocs/news/security/index.php	e40f3ff2bad7d7cc9e421e3638bd6923b741c19c
@@ -256,6 +256,16 @@ $vulnerabilities = array(
 		"fix"          => "The nudge functionality in the MSN protocol has been rewritten to avoid an unnecessary lookup of buddy information.",
 		"fixedversion" => "2.2.1",
 		"discoveredby" => "Evan Schoenberg"
+	),
+	array(
+		"title"        => "NULL pointer dereference in parsing invalid HTML",
+		"date"         => "4 October 2007",
+		"cve"          => "CVE-2007-4999",
+		"summary"      => "Receiving invalid HTML cau cause libpurple 2.1.0 through 2.2.1 to crash",
+		"description"  => "A remote user can cause a denial of service (crash) by sending a message with invalid HTML.  It is believed that this crash can be triggered only when using HTML logging, and it requires the remote user to be able to send invalid HTML.  This is possible on AIM and may be possible on some XMPP networks.  Other protocols and networks may also be affected.",
+		"fix"          => "The affected function, purple_markup_html_to_xhtml(), has been patched to fix the vulnerability.",
+		"fixedversion" => "2.2.2",
+		"discoveredby" => "Jeffrey Rosen"
 	)
 );
 /*	Template for the unfortunate future
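Review bot: The added `summary` string in the new CVE-2007-4999 entry contains a typo, "cau cause", which would presumably be shown verbatim on the public security page; it should read `"summary" => "Receiving invalid HTML can cause libpurple 2.1.0 through 2.2.1 to crash",`. The description says the crash is believed to be reachable only when HTML logging is in use, but the entry gives users still on 2.1.0 through 2.2.1 no interim mitigation. If that belief holds, one more sentence in `description` noting that switching off HTML logging until the upgrade to 2.2.2 avoids the affected path would make the advisory more actionable. The `fix` text could also say what `purple_markup_html_to_xhtml()` now does with invalid input instead of only "has been patched". The `$vulnerabilities` array begins before this hunk, so how other entries word these fields is not visible here.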

