www: a1dfc08b: security updates, not done yet

khc at pidgin.im khc at pidgin.im
Thu May 21 04:05:38 EDT 2009


-----------------------------------------------------------------
Revision: a1dfc08b984df5f210df6ba536b862373842bec0
Ancestor: 4dcf2c511caab3271ef252c3b17e55f4773a592a
Author: khc at pidgin.im
Date: 2009-05-21T07:59:57
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/a1dfc08b984df5f210df6ba536b862373842bec0

Modified files:
        htdocs/news/security/index.php

ChangeLog: 

security updates, not done yet


-------------- next part --------------
============================================================
--- htdocs/news/security/index.php	149e5d27ef7bc6541495f3ef00e83db89557332e
+++ htdocs/news/security/index.php	c4ef4862c4b9c0a7daabd507381e276cd8b52003
@@ -307,6 +307,46 @@ $vulnerabilities = array(
 		"fix"          => "SSL/TLS Certificates are now verified in the NSS implementation in libpurple.",
 		"fixedversion" => "2.5.0",
 		"discoveredby" => "Josh Triplett"
+	),
+	array(
+		"title"        => "XMPP file transfer buffer overflow",
+		"date"         => "2 May 2009",
+		"cve"          => "CVE-2009-1373",
+		"summary"      => "Buffer overflow is possible when initiating file transfer to a malicious buddy over XMPP",
+		"description"  => "",
+		"fix"          => "",
+		"fixedversion" => "2.5.6",
+		"discoveredby" => "Vercode"
+	),
+	array(
+		"title"        => "QQ remote DoS",
+		"date"         => "3 May 2009",
+		"cve"          => "CVE-2009-1374",
+		"summary"      => "Possible remote denial of service when receiving a QQ packet",
+		"description"  => "decrypt_out() always writes 8 bytes past the passed in buffer, which is always allocated on the stack. We don't believe this can cause anything outside of a crash.",
+		"fix"          => "decrypt_out() is fixed to not write past the buffer.",
+		"fixedversion" => "2.5.6",
+		"discoveredby" => "Ka-Hing Cheung"
+	),
+	array(
+		"title"        => "Remote DoS in multiple protocols",
+		"date"         => "20 Mar 2009",
+		"cve"          => "CVE-2009-1375",
+		"summary"      => "Remote denial of service that affects several protocols",
+		"description"  => "A buffer maintained by PurpleCircBuffer may be corrupted if it's exactly full and then more bytes are added to it, leading to a crash. This structure is used by XMPP and Sametime protocol plugins",
+		"fix"          => "PurpleCircBuffer now does bounds check correctly",
+		"fixedversion" => "2.5.6",
+		"discoveredby" => "Josef Andrysek"
+	),
+	array(
+		"title"        => "MSN malformed SLP message overflow",
+		"date"         => "2 May 2009",
+		"cve"          => "CVE-2009-1376",
+		"summary"      => "Malformed SLP messages can cause a buffer overflow",
+		"description"  => "The previous fix to <a href=\"/news/security/?id=25\">CVE-2008-2927</a> was deemed incomplete. The size check improperly casted an uint64 to size_t which can cause an integer overflow, rendering the check useless.",
+		"fix"          => "Proper variable type is now used when doing size comparison. Additionally the malformed message is now properly discarded.",
+		"fixedversion" => "2.5.6",
+		"discoveredby" => ""
 	)
 );
 /*	Template for the unfortunate future
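Review bot: The CVE-2009-1373 entry is added with empty `"description"` and `"fix"` strings, and the CVE-2009-1376 entry with an empty `"discoveredby"`, so the advisory page will show blank sections unless the rendering code (outside this hunk) skips empty fields. Fill these in before the page goes live or hold the incomplete entries back, since the commit message itself says the update is not finished. `"discoveredby" => "Vercode"` looks like a misspelling of Veracode and should be confirmed with the reporter. The CVE-2009-1374 description reports a write 8 bytes past a stack buffer but rates it crash-only; one sentence giving the reason for that assessment would help readers judge patch urgency. The CVE-2009-1376 description embeds raw `<a href=...>` markup pointing at `?id=25`, which suggests fields are emitted unescaped and ids follow array position; if so, a comment such as `// entries are output as raw HTML and addressed by index: append only, never reorder` above `$vulnerabilities` (declared outside this hunk) would protect existing advisory links.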

