www: 647f5f39: Add the really, really, really bad vulne...
markdoliner at pidgin.im
markdoliner at pidgin.im
Tue Aug 18 14:47:13 EDT 2009
-----------------------------------------------------------------
Revision: 647f5f398a1dbf9031fa516e072cd050f975b092
Ancestor: 785b6c9c2b6c65581425b481272035705f132247
Author: markdoliner at pidgin.im
Date: 2009-08-18T18:43:13
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/647f5f398a1dbf9031fa516e072cd050f975b092
Modified files:
htdocs/news/security/index.php
ChangeLog:
Add the really, really, really bad vulnerability to our security page
-------------- next part --------------
============================================================
--- htdocs/news/security/index.php 764493cecd658885d8172662fdd7a8c6ac734a49
+++ htdocs/news/security/index.php 10847ad5e544028e8359ffce2ca371f6d587389b
@@ -357,6 +357,16 @@ $vulnerabilities = array(
"fix" => "Yuriy's patch corrected the misparsing of such ICQ web messages so they are no longer treated as SMS messages and added validation to avoid unnecessary memory allocations.",
"fixedversion" => "2.5.8",
"discoveredby" => "Yuriy Kaminskiy"
+ ),
+ array(
+ "title" => "MSN overflow parsing SLP messages",
+ "date" => "18 August 2009",
+ "cve" => "CVE-2009-2694",
+ "summary" => "Specially crafted SLP messages can cause a buffer overflow",
+ "description" => "By sending two consecutive specially crafted SLP messages it is possible to trigger an memcpy to an invalid location in memory.",
+ "fix" => "Correctly destroy outgoing SLP ACK messages after they are sent, and ensure a buffer has been allocated within the SLP data structure before attempting to write to it.",
+ "fixedversion" => "2.5.9",
+ "discoveredby" => "Core Security Technologies"
)
);
/* Template for the unfortunate future
More information about the Commits
mailing list