www: 01edda7c: Document the CVE; whoever updates the we...
darkrain42 at pidgin.im
darkrain42 at pidgin.im
Sun Jan 10 02:21:29 EST 2010
-----------------------------------------------------------------
Revision: 01edda7c78cf6ba9ffd2b4d9ed7874ee285dd4f8
Ancestor: ca1fb7b0ad88db5e08f2dad7c3ad0f73fa4bd55d
Author: darkrain42 at pidgin.im
Date: 2010-01-10T07:16:04
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/01edda7c78cf6ba9ffd2b4d9ed7874ee285dd4f8
Modified files:
htdocs/news/security/index.php
ChangeLog:
Document the CVE; whoever updates the website, please review this (and
check that I didn't introduce any syntax errors).
-------------- next part --------------
============================================================
--- htdocs/news/security/index.php 4c50c759796aef2d9f35d99c0a7f2e436d4136cf
+++ htdocs/news/security/index.php f0f26225e8df0acf6cbe1d426a5c021397d0d90d
@@ -443,6 +443,17 @@ $vulnerabilities = array(
"fixrevisions" => "781682333aea0c801d280c3507ee25552a60bfc0",
"fixedversion" => "2.6.3",
"discoveredby" => "nightwing666 in <a href=\"http://developer.pidgin.im/ticket/10481\">ticket #10481</a>"
+ ),
+ array(
+ "title" => "MSN file download vulnerability",
+ "date" => "2010-01-08",
+ "cve" => "CVE-2010-0013",
+ "summary" => "A remote user can download arbitrary files from a libpurple-based client",
+ "description" => "The MSN protocol plugin extracts the filename of a custom emoticon from an incoming request and uploads that file without correlating the filename to a valid custom emoticon.",
+ "fix" => "Validate the custom emoticon requested is valid before uploading its file data.",
+ "fixrevisions" => "c64a1adc8bda2b4aeaae1f273541afbc4f71b810",
+ "fixedversion" => "2.6.5",
+ "discoveredby" => "Fabian Yamaguchi"
)
);
/* Template for the unfortunate future
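Review bot: The new CVE-2010-0013 entry says arbitrary files can be downloaded but leaves out what a reader needs to judge their own exposure. Its `description` does not say which files are reachable (presumably anything the account running the client can read), whether the requester must already be a contact, or which releases are affected beyond `fixedversion` 2.6.5; I would add a sentence covering those points once they are confirmed against the fix revision. The `fix` string is also circular ("Validate ... is valid"), and `"fix" => "Verify that the requested filename corresponds to a known custom emoticon before uploading its file data.",` reads more clearly. The context entry above carries raw `<a href>` markup in `discoveredby`, which suggests these strings are emitted unescaped; the new plain-text values are safe as written, but a short comment near the template saying so would help future editors. The `$vulnerabilities` array opens above the hunk and the template comment continues below it, so neither could be checked here.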