www: 8b8747e2: Add information about CVE-2009-1373

datallah at pidgin.im datallah at pidgin.im
Thu May 21 23:25:51 EDT 2009


-----------------------------------------------------------------
Revision: 8b8747e20d4a4c559d185da8d17878d02d9b1741
Ancestor: a1dfc08b984df5f210df6ba536b862373842bec0
Author: datallah at pidgin.im
Date: 2009-05-22T03:10:11
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/8b8747e20d4a4c559d185da8d17878d02d9b1741

Modified files:
        htdocs/news/security/index.php

ChangeLog: 

Add information about CVE-2009-1373

-------------- next part --------------
============================================================
--- htdocs/news/security/index.php	c4ef4862c4b9c0a7daabd507381e276cd8b52003
+++ htdocs/news/security/index.php	98a3c94c6760d7d0be086b5b78f3f83298b64d94
@@ -313,10 +313,10 @@ $vulnerabilities = array(
 		"date"         => "2 May 2009",
 		"cve"          => "CVE-2009-1373",
 		"summary"      => "Buffer overflow is possible when initiating file transfer to a malicious buddy over XMPP",
-		"description"  => "",
-		"fix"          => "",
+		"description"  => "The XMPP SOCKS5 bytestream server was not correctly checking the bounds of a buffer when initiating an outgoing file transfer.",
+		"fix"          => "The affected function has been patched to fix the vulnerability.",
 		"fixedversion" => "2.5.6",
-		"discoveredby" => "Vercode"
+		"discoveredby" => "Veracode"
 	),
 	array(
 		"title"        => "QQ remote DoS",
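Review bot: The new `"fix"` text ("The affected function has been patched to fix the vulnerability.") gives a reader nothing to act on or verify, because it names neither the function nor the revision that carries the patch. The new `"description"` also leaves out the impact and the trigger condition that the summary only hints at. I would make the description say that the overflow is reachable when the local user starts an XMPP file transfer to a peer that controls the SOCKS5 bytestream negotiation, and state the worst-case impact once it is confirmed. For the fix, something like `"fix" => "Bounds checking was added to the XMPP SOCKS5 bytestream code (revision <REVISION-ID>); upgrade to 2.5.6 or later."` would work if that matches the actual patch. The array entry begins above the hunk, so the `"title"` and any affected-version field are not visible here and should be checked for consistency with the corrected `"discoveredby"` credit.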

