www: ec670188: I like good grammar...

qulogic at pidgin.im qulogic at pidgin.im
Fri May 22 00:30:56 EDT 2009 

-----------------------------------------------------------------
Revision: ec670188702bdcf9ac85481cdbf142750ac2f3e8
Ancestor: 8b8747e20d4a4c559d185da8d17878d02d9b1741
Author: qulogic at pidgin.im
Date: 2009-05-22T04:25:48
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/ec670188702bdcf9ac85481cdbf142750ac2f3e8

Modified files:
        htdocs/news/security/index.php

ChangeLog: 

I like good grammar...

-------------- next part --------------
============================================================
--- htdocs/news/security/index.php	98a3c94c6760d7d0be086b5b78f3f83298b64d94
+++ htdocs/news/security/index.php	8ca6374af758d1fef0f1e2ef28835ead19a3ba8a
@@ -323,8 +323,8 @@ $vulnerabilities = array(
 		"date"         => "3 May 2009",
 		"cve"          => "CVE-2009-1374",
 		"summary"      => "Possible remote denial of service when receiving a QQ packet",
-		"description"  => "decrypt_out() always writes 8 bytes past the passed in buffer, which is always allocated on the stack. We don't believe this can cause anything outside of a crash.",
-		"fix"          => "decrypt_out() is fixed to not write past the buffer.",
+		"description"  => "decrypt_out() always writes 8 bytes past the supplied buffer, which is always allocated on the stack. We don't believe this can cause anything outside of a crash.",
+		"fix"          => "decrypt_out() is fixed to not write past the end of the buffer.",
 		"fixedversion" => "2.5.6",
 		"discoveredby" => "Ka-Hing Cheung"
 	),
@@ -333,8 +333,8 @@ $vulnerabilities = array(
 		"date"         => "20 Mar 2009",
 		"cve"          => "CVE-2009-1375",
 		"summary"      => "Remote denial of service that affects several protocols",
-		"description"  => "A buffer maintained by PurpleCircBuffer may be corrupted if it's exactly full and then more bytes are added to it, leading to a crash. This structure is used by XMPP and Sametime protocol plugins",
-		"fix"          => "PurpleCircBuffer now does bounds check correctly",
+		"description"  => "A buffer maintained by PurpleCircBuffer may be corrupted if it's exactly full and then more bytes are added to it, leading to a crash. This structure is used by the XMPP and Sametime protocol plugins.",
+		"fix"          => "PurpleCircBuffer now correctly checks bounds.",
 		"fixedversion" => "2.5.6",
 		"discoveredby" => "Josef Andrysek"
 	),
@@ -343,8 +343,8 @@ $vulnerabilities = array(
 		"date"         => "2 May 2009",
 		"cve"          => "CVE-2009-1376",
 		"summary"      => "Malformed SLP messages can cause a buffer overflow",
-		"description"  => "The previous fix to <a href=\"/news/security/?id=25\">CVE-2008-2927</a> was deemed incomplete. The size check improperly casted an uint64 to size_t which can cause an integer overflow, rendering the check useless.",
-		"fix"          => "Proper variable type is now used when doing size comparison. Additionally the malformed message is now properly discarded.",
+		"description"  => "The previous fix to <a href=\"/news/security/?id=25\">CVE-2008-2927</a> was deemed incomplete. The size check improperly cast an uint64 to size_t which can cause an integer overflow, rendering the check useless.",
+		"fix"          => "The proper variable type is now used when doing size comparison. Additionally, the malformed message is now properly discarded.",
 		"fixedversion" => "2.5.6",
 		"discoveredby" => ""
 	)

More information about the Commits mailing list