www: 3a63d515: Add an entry regarding the CVE in 2.5.8.
kstange at pidgin.im
kstange at pidgin.im
Thu Jul 2 00:40:22 EDT 2009
-----------------------------------------------------------------
Revision: 3a63d5151e3a7885f1f684170fddcb2a923fbd6b
Ancestor: b9fe671f1bff96fa9bd3d177496f7402bcf3086d
Author: kstange at pidgin.im
Date: 2009-07-02T04:32:58
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/3a63d5151e3a7885f1f684170fddcb2a923fbd6b
Modified files:
htdocs/news/security/index.php
ChangeLog:
Add an entry regarding the CVE in 2.5.8.
-------------- next part --------------
============================================================
--- htdocs/news/security/index.php 86047489f21c485554dceb2221cf56068c7fa6cf
+++ htdocs/news/security/index.php b7083262c872538879aa793ef26998f980ba8362
@@ -347,6 +347,16 @@ $vulnerabilities = array(
"fix" => "The proper variable type is now used when doing size comparison. Additionally, the malformed message is now properly discarded.",
"fixedversion" => "2.5.6",
"discoveredby" => "Loc VALBON (via TippingPoint's Zero Day Initiative)"
+ );
+ array(
+ "title" => "ICQ parser excessive memory allocation",
+ "date" => "28 May 2009",
+ "cve" => "CVE-2009-1889",
+ "summary" => "Misparsed web messages can result in excessive memory allocation",
+ "description" => "The ICQ prpl would misparse an incoming ICQ Web Message as an SMS message in certain circumstances, leading to an excessively large allocation.",
+ "fix" => "Yuriy's patch corrected the misparsing of such ICQ web messages so they are no longer treated as SMS messages and adds validation to avoid unnecessary memory allocations.",
+ "fixedversion" => "2.5.8",
+ "discoveredby" => "Yuriy Kaminskiy"
)
);
/* Template for the unfortunate future
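Review bot: The added `);` that closes the 2.5.6 entry should be `),`. It sits between two elements of `$vulnerabilities = array(`, so the semicolon ends the statement early and the following `array(` … `)` and the final `);` no longer parse. As committed, PHP would most likely reject the whole file with a parse error, so the security advisories page would fail to render rather than just omit the new CVE-2009-1889 entry. The opening of `$vulnerabilities` is outside the hunk and visible only in the hunk header, so it is worth confirming with `php -l htdocs/news/security/index.php` before publishing.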