www: 7795190e: Collecting this information and writing ...

markdoliner at pidgin.im markdoliner at pidgin.im
Thu Sep 3 14:36:50 EDT 2009


-----------------------------------------------------------------
Revision: 7795190ee485906c5bd87ea3cdca75695c8667d1
Ancestor: a6ad95fff27b854918c6969ce58739146052b2e1
Author: markdoliner at pidgin.im
Date: 2009-09-03T18:32:43
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/7795190ee485906c5bd87ea3cdca75695c8667d1

Modified files:
        htdocs/news/security/index.php

ChangeLog: 

Collecting this information and writing this is draining.  I think we haven't
mentioned all of these in our ChangeLog yet.  We should probably do that.

-------------- next part --------------
============================================================
--- htdocs/news/security/index.php	eb2c5eb6646e8ffb003ba6eabc76cb180694757e
+++ htdocs/news/security/index.php	af23e8b81b590eb644a0e4b8ffc37b5ffe2223a4
@@ -377,6 +377,56 @@ $vulnerabilities = array(
 		"fix"          => "Correctly parse URLs in incoming Yahoo messages.",
 		"fixedversion" => "2.6.1",
 		"discoveredby" => "adk"
+	),
+	array(
+		"title"        => "XMPP may not enforce TLS",
+		"date"         => "3 September 2009",
+		"cve"          => "CVE-2009-3026",
+		"summary"      => "XMPP does not always respect the \"require TLS/SSL\" preference",
+		"description"  => "The XMPP protocol plugin can be tricked into establishing an insecure connection by a malicious man in the middle by causing libpurple to use the older iq-based login and then not offering TLS/SSL.  libpurple 2.6.0 and 2.6.1 are definitely vulnerable.  Older versions are likely vulnerable as well.",
+		"fix"          => "Respect the \"require TLS/SSL\" preference for this type of connection.",
+		"fixedversion" => "2.6.2",
+		"discoveredby" => "bugdave in <a href=\"http://developer.pidgin.im/ticket/8131\">ticket #8131</a> and Paul Aurich"
+	),
+	array(
+		"title"        => "XMPP custom smiley parsing bug",
+		"date"         => "3 September 2009",
+		"cve"          => "",
+		"summary"      => "XMPP can crash when parsing certain custom smiley responses"
+		"description"  => "The XMPP protocol plugin can crash when attempting to process an error response as a custom smiley.  libpurple 2.5.2 through 2.6.1 are vulnerable.  Older versions may be vulnerable as well.",
+		"fix"          => "Handle error iq responses appropriately",
+		"fixedversion" => "2.6.2",
+		"discoveredby" => "Florob, Waqas, Paul Aurich and Marcus Lundblad"
+	),
+	array(
+		"title"        => "MSN handwritten message crash",
+		"date"         => "3 September 2009",
+		"cve"          => "",
+		"summary"      => "MSN incorrectly handles incoming handwritten messages, which can lead to a crash.",
+		"description"  => "The MSN protocol plugin used an incorrect character encoding when attempting to convert handwritten messages from one encoding to another.  This caused the conversion to fail.  This failure combined with an uninitialized variable can trigger a crash.  The only vulnerable versions of libpurple are 2.6.0 and 2.6.1.",
+		"fix"          => "Use the correct character set name and initialize error to NULL.",
+		"fixedversion" => "2.6.2",
+		"discoveredby" => "aly89 in <a href=\"http://developer.pidgin.im/ticket/10048\">ticket #10048</a> and Elliott Sales de Andrade"
+	),
+	array(
+		"title"        => "MSN partial SLP invite crash",
+		"date"         => "3 September 2009",
+		"cve"          => "",
+		"summary"      => "MSN expects certain values to exist, and crashes if they do not",
+		"description"  => "The MSN protocol plugin extracts some fields from an incoming SLP invite.  If some of these fields do not exist in the invite message then the protocol plugin will attempt to dereference a NULL pointer and will crash.",
+		"fix"          => "Check for NULL values and handle appropriately.",
+		"fixedversion" => "2.6.2",
+		"discoveredby" => "blackstar in <a href=\"http://developer.pidgin.im/ticket/10159\">ticket #10159</a> and Elliott Sales de Andrade"
+	),
+	array(
+		"title"        => "IRC title shindig",
+		"date"         => "3 September 2009",
+		"cve"          => "CVE-2009-2703",
+		"summary"      => "A malicious server can send an invalid IRC message which triggers a crash",
+		"description"  => "A specially crafted IRC TOPIC message can trigger a NULL pointer dereference in the IRC protocol plugin's code for handling IRC topics.",
+		"fix"          => "Correctly ignore invalid TOPIC messages sent from the server.",
+		"fixedversion" => "2.6.2",
+		"discoveredby" => "Cristofaro Mune"
 	)
 );
 /*	Template for the unfortunate future
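Review bot: The "summary" line of the new "XMPP custom smiley parsing bug" entry has no trailing comma before "description", which is a PHP parse error, so the security advisories page would fail to load instead of showing the new entries; it should read `"summary"      => "XMPP can crash when parsing certain custom smiley responses",`. Running `php -l htdocs/news/security/index.php` before committing would catch this. Separately, the "MSN partial SLP invite crash" and IRC entries do not say which libpurple versions are affected, unlike the other three new entries, so a reader cannot tell from the page whether their version is exposed. The title "IRC title shindig" also does not name the issue; something like `"title"        => "IRC TOPIC NULL pointer dereference",` would match the description. The $vulnerabilities array begins outside this hunk.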

