www: 6eb12b6b: Include information on the recent securi...
rekkanoryo at pidgin.im
rekkanoryo at pidgin.im
Thu Oct 21 00:21:54 EDT 2010
----------------------------------------------------------------------
Revision: 6eb12b6b0cdfa5a941698f685c469480b51bdbf7
Parent: a80a63eb37c77d9c010a04f19c405e0fb70aa3df
Author: rekkanoryo at pidgin.im
Date: 10/21/10 00:03:39
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/6eb12b6b0cdfa5a941698f685c469480b51bdbf7
Changelog:
Include information on the recent security issue.
Changes against parent a80a63eb37c77d9c010a04f19c405e0fb70aa3df
patched htdocs/news/security/index.php
-------------- next part --------------
============================================================
--- htdocs/news/security/index.php 4b0c3e4b53374f346f71a8ca4ce7ecd635058b7a
+++ htdocs/news/security/index.php 46f08a5b6e4fadcc51548e0dabd74eea090b214c
@@ -509,6 +509,17 @@ $vulnerabilities = array(
"fixrevisions" => "8e8ff246492e45af8f8d0808296d6f2906794dc0",
"fixedversion" => "2.7.2",
"discoveredby" => "Mark Doliner"
+ ),
+ array(
+ "title" => "purple_base64_decode() remote crashes",
+ "date" => "2010-10-20",
+ "cve" => "CVE-2010-3711",
+ "summary" => "Multiple remotely-triggered denials of service",
+ "description" => "It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service.",
+ "fix" => "Check the return value from purple_base64_decode() before trying to use it.",
+ "fixrevisions" => "b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc",
+ "fixedversion" => "2.7.4",
+ "discoveredby" => "Daniel Atallah"
)
);
/* Template for the unfortunate future
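Review bot: The new `CVE-2010-3711` entry gives only `"fixedversion" => "2.7.4"`, and its `description` never says which releases are affected, so someone triaging an installed libpurple has to infer the range. If the affected range is known, I would add it to the description, for example a closing sentence such as `Versions before 2.7.4 are affected.`, with a lower bound if there is one. The `$vulnerabilities` array and the code that renders it begin outside this hunk, so I cannot tell from here whether a dedicated key for affected versions exists or whether these strings are HTML-escaped on output.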