www: 72803c93: Add CVE IDs for newest three issues.
qulogic at pidgin.im
qulogic at pidgin.im
Wed Sep 9 17:56:23 EDT 2009
-----------------------------------------------------------------
Revision: 72803c9323e51f40ed426187e49e84f7d4b3567d
Ancestor: c849aa097db3b3a51447a06a2513eda86954003c
Author: qulogic at pidgin.im
Date: 2009-09-09T21:54:17
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/72803c9323e51f40ed426187e49e84f7d4b3567d
Modified files:
htdocs/news/security/index.php
ChangeLog:
Add CVE IDs for newest three issues.
-------------- next part --------------
============================================================
--- htdocs/news/security/index.php 7c1e88d5f1c08324c758257fb0452dc2eabedde3
+++ htdocs/news/security/index.php 534918972da28c0b2b5d821f4d97c9ea0a0a6d62
@@ -392,7 +392,7 @@ $vulnerabilities = array(
array(
"title" => "XMPP custom smiley parsing bug",
"date" => "3 September 2009",
- "cve" => "",
+ "cve" => "CVE-2009-3085",
"summary" => "XMPP can crash when parsing certain custom smiley responses",
"description" => "The XMPP protocol plugin can crash when attempting to process an error response as a custom smiley. libpurple 2.5.2 through 2.6.1 are vulnerable. Older versions may be vulnerable as well.",
"fix" => "Handle error iq responses appropriately.",
@@ -403,7 +403,7 @@ $vulnerabilities = array(
array(
"title" => "MSN handwritten message crash",
"date" => "3 September 2009",
- "cve" => "",
+ "cve" => "CVE-2009-3084",
"summary" => "MSN incorrectly handles incoming handwritten messages, which can lead to a crash.",
"description" => "The MSN protocol plugin used an incorrect character encoding when attempting to convert handwritten messages from one encoding to another. This caused the conversion to fail. This failure combined with an uninitialized variable can trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1.",
"fix" => "Use the correct character set name and initialize error to NULL.",
@@ -414,7 +414,7 @@ $vulnerabilities = array(
array(
"title" => "MSN partial SLP invite crash",
"date" => "3 September 2009",
- "cve" => "",
+ "cve" => "CVE-2009-3083",
"summary" => "MSN expects certain values to exist, and crashes if they do not",
"description" => "The MSN protocol plugin extracts some fields from an incoming SLP invite. If some of these fields do not exist in the invite message then the protocol plugin will attempt to dereference a NULL pointer and will crash.",
"fix" => "Check for NULL values and handle appropriately.",
More information about the Commits
mailing list