www: 6eb12b6b: Include information on the recent securi...

rekkanoryo at pidgin.im rekkanoryo at pidgin.im
Thu Oct 21 00:21:54 EDT 2010


----------------------------------------------------------------------
Revision: 6eb12b6b0cdfa5a941698f685c469480b51bdbf7
Parent:   a80a63eb37c77d9c010a04f19c405e0fb70aa3df
Author:   rekkanoryo at pidgin.im
Date:     10/21/10 00:03:39
Branch:   im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/6eb12b6b0cdfa5a941698f685c469480b51bdbf7

Changelog: 

Include information on the recent security issue.

Changes against parent a80a63eb37c77d9c010a04f19c405e0fb70aa3df

  patched  htdocs/news/security/index.php

-------------- next part --------------
============================================================
--- htdocs/news/security/index.php	4b0c3e4b53374f346f71a8ca4ce7ecd635058b7a
+++ htdocs/news/security/index.php	46f08a5b6e4fadcc51548e0dabd74eea090b214c
@@ -509,6 +509,17 @@ $vulnerabilities = array(
 		"fixrevisions" => "8e8ff246492e45af8f8d0808296d6f2906794dc0",
 		"fixedversion" => "2.7.2",
 		"discoveredby" => "Mark Doliner"
+	),
+	array(
+		"title"        => "purple_base64_decode() remote crashes",
+		"date"         => "2010-10-20",
+		"cve"          => "CVE-2010-3711",
+		"summary"      => "Multiple remotely-triggered denials of service",
+		"description"  => "It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode().  Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash.  These vulnerabilities can be leveraged by a remote user for denial of service.",
+		"fix"          => "Check the return value from purple_base64_decode() before trying to use it.",
+		"fixrevisions" => "b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc",
+		"fixedversion" => "2.7.4",
+		"discoveredby" => "Daniel Atallah"
 	)
 );
 /*	Template for the unfortunate future
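Review bot: The new entry's `"fixrevisions"` value names a single revision, while its `"description"` counts eight unchecked purple_base64_decode() call sites spread over four protocol plugins and the NTLM code. If those checks landed in more than one revision, list every one in `"fixrevisions"`, so that packagers backporting to releases older than 2.7.4 do not miss a call site. If the one revision does cover all eight, a short statement in `"fix"` would make that explicit, for example `"fix" => "Check the return value from purple_base64_decode() before trying to use it; the listed revision covers all eight call sites."`. The `$vulnerabilities` array starts outside this hunk, so the value format the page expects for several revisions cannot be confirmed from here.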

