im.pidgin.www: 916123733f8501a1370222c90369c58bfe28d795

nosnilmot at pidgin.im nosnilmot at pidgin.im
Wed Oct 24 14:40:47 EDT 2007


-----------------------------------------------------------------
Revision: 916123733f8501a1370222c90369c58bfe28d795
Ancestor: f9bf3b5a4b0fc9d9b61530b999bbf81caf3ac6e9
Author: nosnilmot at pidgin.im
Date: 2007-10-24T18:39:17
Branch: im.pidgin.www

Modified files:
        htdocs/news/security/index.php

ChangeLog: 

Fix the date and reduce the blurb a bit

-------------- next part --------------
============================================================
--- htdocs/news/security/index.php	ceef0a0e4d33a47fc265b682c484b5cd759191ae
+++ htdocs/news/security/index.php	769d914afbfbcf899eaab373308a8d121cf775ff
@@ -259,11 +259,11 @@ $vulnerabilities = array(
 	),
 	array(
 		"title"        => "NULL pointer dereference in parsing invalid HTML",
-		"date"         => "4 October 2007",
+		"date"         => "24 October 2007",
 		"cve"          => "CVE-2007-4999",
 		"summary"      => "Receiving invalid HTML can cause libpurple 2.1.0 through 2.2.1 to crash",
-		"description"  => "A remote user can cause a denial of service (crash) by sending a message with invalid HTML.  It is believed that this crash can be triggered only when using HTML logging, and it requires the remote user to be able to send invalid HTML.  This is possible on AIM and may be possible on some XMPP networks.  Other protocols and networks may also be affected.",
-		"fix"          => "The affected function, purple_markup_html_to_xhtml(), has been patched to fix the vulnerability.",
+		"description"  => "A remote user can cause a denial of service (crash) by sending a message with invalid HTML.  It is believed that this crash can be triggered only when using HTML logging.",
+		"fix"          => "The affected function has been patched to fix the vulnerability.",
 		"fixedversion" => "2.2.2",
 		"discoveredby" => "Jeffrey Rosen"
 	)


More information about the Commits mailing list