www: 1210c7e1: Consistently use "YYYY-MM-DD" instead of...
markdoliner at pidgin.im
markdoliner at pidgin.im
Sun Aug 7 03:11:58 EDT 2011
----------------------------------------------------------------------
Revision: 1210c7e141ff9b0542a31a7b693a56deee42947b
Parent: da9f294d23f882f77b23b1c0cc1d45a03c7a40cb
Author: markdoliner at pidgin.im
Date: 08/07/11 03:08:07
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/1210c7e141ff9b0542a31a7b693a56deee42947b
Changelog:
Consistently use "YYYY-MM-DD" instead of "DD Month YYYY" in the dates
for our CVEs
Changes against parent da9f294d23f882f77b23b1c0cc1d45a03c7a40cb
patched htdocs/news/security/index.php
-------------- next part --------------
============================================================
--- htdocs/news/security/index.php aba08cd8c81e3ce07d26f24aba828b950673749b
+++ htdocs/news/security/index.php 4a6eba95268c9ea9a19fa67143c54700b32e4083
@@ -23,7 +23,7 @@ $vulnerabilities = array(
$vulnerabilities = array(
array(
"title" => "MSN strncpy buffer overflow",
- "date" => "22 August 2004",
+ "date" => "2004-08-22",
"cve" => "CVE-2004-0500",
"summary" => "Possible for a remote MSN user to cause a buffer overflow.",
"description" => "In two places in the MSN protocol plugins (object.c and slp.c), strncpy was used incorrectly; the size of the array was not checked before copying to it. Both bugs affect MSN's MSNSLP protocol, which is peer-to-peer, so this could potentially be easy to exploit.",
@@ -33,7 +33,7 @@ $vulnerabilities = array(
),
array(
"title" => "Smiley theme installation lack of escaping",
- "date" => "22 August 2004",
+ "date" => "2004-08-22",
"cve" => "CVE-2004-0784",
"summary" => "Dragging a carefully crafted smiley theme filename onto Gaim could cause arbitrary command execution.",
"description" => "To install a new smiley theme, a user can drag a tarball from a graphical file manager, or a hypertext link to one from a web browser. When a tarball is dragged, Gaim executes a shell command to untar it. However, it does not escape the filename before sending it to the shell. Thus, a specially crafted filename could execute arbitrary commands if the user could be convinced to drag a file into the smiley theme selector.",
@@ -43,7 +43,7 @@ $vulnerabilities = array(
),
array(
"title" => "Groupware message receive integer overflow",
- "date" => "26 August 2004",
+ "date" => "2004-08-26",
"cve" => "CVE-2004-0754",
"summary" => "Carefully crafted messages could cause a buffer overflow.",
"description" => "Integer overflow in memory allocation results in heap overflow. By passing the size variable as ~0, integer overflows to 0 when 1 is added in g_alloc(). a malloc(0) call results in 16 bytes of memory being allocated on IA- 32. Then we can overflow the heap when nm_read_all() is called next step. usually cases like this suck for exploitation, because the len (~0) is so large that a following call to memcpy() or strcpy() will just run into kernel mem or unmapped address and fault. however in this case we read the data from the network via a read() call, so we can just stop sending data and close the connection to short out before ~0 bytes are read. however, this is triggered by input from the server, not directly from a client. someone running a malicious groupware server could leverage this to run arbitrary code on the client.",
@@ -53,7 +53,7 @@ $vulnerabilities = array(
),
array(
"title" => "URL decode buffer overflow",
- "date" => "26 August 2004",
+ "date" => "2004-08-26",
"cve" => "CVE-2004-0785",
"summary" => "Receiving exceedingly long URLs can cause a buffer overflow.",
"description" => "Buffer overflow. The URL is decoded into a static buffer of length 2048 bytes. I'm not sure it's possible to receive a URL longer than 2048 bytes, as many protocols have message limits that are shorter than that.",
@@ -63,7 +63,7 @@ $vulnerabilities = array(
),
array(
"title" => "Local hostname resolution buffer overflow",
- "date" => "26 August 2004",
+ "date" => "2004-08-26",
"cve" => "CVE-2004-0785",
"summary" => "Possible buffer overflow when resolving the hostname of the local computer.",
"description" => "Buffer overflow. If the local computers host name is not in /etc/hosts, and the computer performs a DNS query to obtain it's hostname when signing on to zephyr, it could receive a reply with a hostname greater than MAXHOSTNAMELEN (generally 64 bytes). If gethostbyname() does not ensure the size of hostent->h_name is less than MAXHOSTNAMELEN, this value would be copied to a buffer that is not large enough.",
@@ -73,7 +73,7 @@ $vulnerabilities = array(
),
array(
"title" => "RTF message buffer overflow",
- "date" => "26 August 2004",
+ "date" => "2004-08-26",
"cve" => "CVE-2004-0785",
"summary" => "Invalid rich text format messages could cause a buffer overflow.",
"description" => "Buffer overflow. There are some loops that read into fixed-sized buffers and do not check to make sure they are not writing too much.",
@@ -83,7 +83,7 @@ $vulnerabilities = array(
),
array(
"title" => "Content-length DOS (malloc error)",
- "date" => "26 August 2004",
+ "date" => "2004-08-26",
"summary" => "Posibile for a malicious web server to provide a web page with a false content-length value which could crash Gaim.",
"description" => "Remote crash. When a remote server provides a large \"content-length\" header value, Gaim will attempt to allocate a buffer to store the content, however this allocation attempt will cause Gaim to crash if the length exceeds the amount of possible memory. This happens when reading profile information on some protocols. It also happens when smiley themes are installed via drag and drop.",
"fix" => "The call to g_malloc() was replaced with a call to g_try_malloc(). If the memory could not be allocated the function returns instead of causing the application to crash.",
@@ -92,7 +92,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN File transfer DOS (malloc error)",
- "date" => "19 October 2004",
+ "date" => "2004-10-19",
"summary" => "Crash when accepting a large file transfer that exceeds the amount of available memory.",
"description" => "Remote crash. After accepting a file transfer request, Gaim will attempt to allocate a buffer of a size equal to the entire filesize, this allocation attempt will cause Gaim to crash if the size exceeds the amount of available memory.",
"fix" => "Don't allocate a buffer for file transfers.",
@@ -101,7 +101,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN SLP DOS (malloc error)",
- "date" => "19 October 2004",
+ "date" => "2004-10-19",
"summary" => "Crash when receiving malformed MSN SLP message",
"description" => "Remote crash. Gaim allocates a buffer for the payload of each message received based on the size field in the header of the message. A malicious peer could specify an invalid size that exceeds the amount of available memory.",
"fix" => "Replace call to g_malloc() with call to g_try_malloc(). If the memory could not be allocated the function returns instead of causing the application to crash.",
@@ -110,7 +110,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN SLP buffer overflow",
- "date" => "19 October 2004",
+ "date" => "2004-10-19",
"cve" => "CVE-2004-0891",
"summary" => "Buffer overflow when receiving unexpected sequence of MSN SLP messages",
"description" => "Buffer overflow. memcpy was used without checking the size of the buffer before copying to it. Additionally, a logic flaw was causing the wrong buffer to be used as the destination for the copy under certain circumstances.",
@@ -120,7 +120,7 @@ $vulnerabilities = array(
),
array(
"title" => "AIM/ICQ remote denial of service",
- "date" => "17 February 2005",
+ "date" => "2005-02-17",
"cve" => "CVE-2005-0472",
"summary" => "Client freezes when receiving certain invalid messages",
"description" => "Certain malformed SNAC packets sent by other AIM or ICQ users can trigger an infinite loop in Gaim when parsing the SNAC. The remote user would need a custom client, able to generate malformed SNACs.",
@@ -130,7 +130,7 @@ $vulnerabilities = array(
),
array(
"title" => "Remote DoS on receiving malformed HTML",
- "date" => "17 February 2005",
+ "date" => "2005-02-17",
"cve" => "CVE-2005-0473",
"summary" => "Client crashes when receiving specific malformed HTML",
"description" => "Remote crash. Receiving malformed HTML can result in an invalid memory access causing Gaim to crash.",
@@ -140,7 +140,7 @@ $vulnerabilities = array(
),
array(
"title" => "Remote DoS on receiving malformed HTML",
- "date" => "24 February 2005",
+ "date" => "2005-02-24",
"cve" => "CVE-2005-0208",
"summary" => "Client crashes when receiving specific malformed HTML",
"description" => "Remote crash. Receiving malformed HTML can result in an invalid memory access causing Gaim to crash.",
@@ -150,7 +150,7 @@ $vulnerabilities = array(
),
array(
"title" => "Remote DoS on receiving malformed HTML",
- "date" => "2 April 2005",
+ "date" => "2005-04-02",
"cve" => "CVE-2005-0965",
"summary" => "Client crash when receiving specific malformed HTML",
"description" => "The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.",
@@ -160,7 +160,7 @@ $vulnerabilities = array(
),
array(
"title" => "Remote DoS on receiving certain messages over IRC",
- "date" => "2 April 2005",
+ "date" => "2005-04-02",
"cve" => "CVE-2005-0966",
"summary" => "Client crash and other strange behavior when receiving specific messages over IRC",
"description" => "The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.",
@@ -170,7 +170,7 @@ $vulnerabilities = array(
),
array(
"title" => "Jabber remote crash",
- "date" => "4 April 2005",
+ "date" => "2005-04-04",
"cve" => "CVE-2005-0967",
"summary" => "A remote jabber user can cause Gaim to crash by sending a specific file transfer request.",
"description" => "Sending a Gaim Jabber user a certain invalid file transfer request triggers an out-of-bounds read which causes Gaim to crash.",
@@ -180,7 +180,7 @@ $vulnerabilities = array(
),
array(
"title" => "Remote crash on some protocols",
- "date" => "10 May 2005",
+ "date" => "2005-05-10",
"cve" => "CVE-2005-1261",
"summary" => "Specially crafted messages on certain protocols can cause a buffer overflow",
"description" => "It is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL (greater than 8192 bytes) to the Gaim user. This is not possible on all protocols, due to message length restrictions. Jabber are SILC are known to be vulnerable.",
@@ -190,7 +190,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN Remote DoS",
- "date" => "10 May 2005",
+ "date" => "2005-05-10",
"cve" => "CVE-2005-1262",
"summary" => "Remote denial of service when receiving a specially crafted MSN message",
"description" => "Potential remote denial of service bug resulting from not checking a pointer for non-NULL before passing it to strncmp, which results in a crash. This can be triggered by a remote client sending an SLP message with an empty body.",
@@ -200,7 +200,7 @@ $vulnerabilities = array(
),
array(
"title" => "Remote Yahoo! crash",
- "date" => "10 June 2005",
+ "date" => "2005-06-10",
"cve" => "CVE-2005-1269",
"summary" => "Remote denial of service on Yahoo!",
"description" => "Remove denial of service when being offered files with names containing non-ASCII characters.",
@@ -210,7 +210,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN Remote DoS",
- "date" => "10 June 2005",
+ "date" => "2005-06-10",
"cve" => "CVE-2005-1934",
"summary" => "Certain malformed MSN messages can cause gaim to crash",
"description" => "Remote attackers can cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.",
@@ -220,7 +220,7 @@ $vulnerabilities = array(
),
array(
"title" => "Gadu-Gadu memory alignment bug",
- "date" => "11 August 2005",
+ "date" => "2005-08-11",
"cve" => "CVE-2005-2370",
"summary" => "A memory alignment bug in the Gadu-Gadu protocol plugin can result in a buffer overflow",
"description" => "There was a memory alignment bug in the library Gaim uses to access the Gadu-Gadu network. This bug can not be exploited on x86 architectures. This bug was recently fixed in the libgadu library, but also needed to be fixed in Gaim because Gaim includes a copy of the libgadu library.",
@@ -230,7 +230,7 @@ $vulnerabilities = array(
),
array(
"title" => "AIM/ICQ non-UTF-8 filename crash",
- "date" => "11 August 2005",
+ "date" => "2005-08-11",
"cve" => "CVE-2005-2102",
"summary" => "Invalid filenames can cause a crash on some systems",
"description" => "A remote user could cause Gaim to crash on some systems by sending the Gaim user a file whose filename contains certain invalid characters. It is unknown what combination of systems are affected, but it is suspected that Windows users and systems with older versions of GTK+ are especially susceptible.",
@@ -240,7 +240,7 @@ $vulnerabilities = array(
),
array(
"title" => "AIM/ICQ away message buffer overflow",
- "date" => "11 August 2005",
+ "date" => "2005-08-11",
"cve" => "CVE-2005-2103",
"summary" => "Remote users can cause a buffer overflow",
"description" => "A remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings (such as %t or %n).",
@@ -250,7 +250,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN Remote \"Nudge\" DoS",
- "date" => "27 September 2007",
+ "date" => "2007-09-27",
"cve" => "CVE-2007-4996",
"summary" => "MSN nudges sent from unknown buddies can cause libpurple 2.2.0 to crash",
"description" => "A remote MSN user that is not on the buddy list can cause a denial of service (crash) by sending a nudge message. The protocol plugin attempts to look up the buddy's information and accesses an invalid memory location if the user is not on the buddy list. This only affects libpurple version 2.2.0, older versions are not affected.",
@@ -260,7 +260,7 @@ $vulnerabilities = array(
),
array(
"title" => "NULL pointer dereference in parsing invalid HTML",
- "date" => "24 October 2007",
+ "date" => "2007-10-24",
"cve" => "CVE-2007-4999",
"summary" => "Receiving invalid HTML can cause libpurple 2.1.0 through 2.2.1 to crash",
"description" => "A remote user can cause a denial of service (crash) by sending a message with invalid HTML. It is believed that this crash can be triggered only when using HTML logging.",
@@ -270,7 +270,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN malformed SLP message overflow",
- "date" => "July 2008",
+ "date" => "2008-07",
"cve" => "CVE-2008-2927",
"summary" => "Malformed SLP messages can cause a buffer overflow",
"description" => "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in libpurple allow remote attackers to execute arbitrary code via a malformed SLP message.",
@@ -280,7 +280,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN Remote file transfer filename DoS",
- "date" => "25 June 2008",
+ "date" => "2008-06-25",
"cve" => "CVE-2008-2955",
"summary" => "MSN file transfers with specially crafted file names can cause libpurple to crash",
"description" => "A remote MSN user can cause a denial of service (crash) by sending a file with a file with a filename containing invalid characters. The local user must then accept the file transfer to trigger a double-free.",
@@ -290,7 +290,7 @@ $vulnerabilities = array(
),
array(
"title" => "Remote UPnP discovery DoS",
- "date" => "11 May 2007",
+ "date" => "2007-05-11",
"cve" => "CVE-2008-2957",
"summary" => "A malicious process could pose as a UPnP server and cause libpurple to download excessive data.",
"description" => "The UPnP functionality in libpurple allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.",
@@ -300,7 +300,7 @@ $vulnerabilities = array(
),
array(
"title" => "NSS TLS/SSL Certificates not validated",
- "date" => "25 July 2008",
+ "date" => "2008-07-25",
"cve" => "CVE-2008-3532",
"summary" => "No validation on SSL certificates was performed for NSS SSL",
"description" => "The NSS SSL implementation in libpurple does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.",
@@ -310,7 +310,7 @@ $vulnerabilities = array(
),
array(
"title" => "XMPP file transfer buffer overflow",
- "date" => "2 May 2009",
+ "date" => "2009-05-02",
"cve" => "CVE-2009-1373",
"summary" => "Buffer overflow is possible when initiating file transfer to a malicious buddy over XMPP",
"description" => "The XMPP SOCKS5 bytestream server was not correctly checking the bounds of a buffer when initiating an outgoing file transfer.",
@@ -320,7 +320,7 @@ $vulnerabilities = array(
),
array(
"title" => "QQ remote DoS",
- "date" => "3 May 2009",
+ "date" => "2009-05-03",
"cve" => "CVE-2009-1374",
"summary" => "Possible remote denial of service when receiving a QQ packet",
"description" => "decrypt_out() always writes 8 bytes past the supplied buffer, which is always allocated on the stack. We don't believe this can cause anything outside of a crash.",
@@ -330,7 +330,7 @@ $vulnerabilities = array(
),
array(
"title" => "Remote DoS in multiple protocols",
- "date" => "20 Mar 2009",
+ "date" => "2009-03-20",
"cve" => "CVE-2009-1375",
"summary" => "Remote denial of service that affects several protocols",
"description" => "A buffer maintained by PurpleCircBuffer may be corrupted if it's exactly full and then more bytes are added to it, leading to a crash. This structure is used by the XMPP and Sametime protocol plugins.",
@@ -340,7 +340,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN malformed SLP message overflow",
- "date" => "2 May 2009",
+ "date" => "2009-05-02",
"cve" => "CVE-2009-1376",
"summary" => "Malformed SLP messages can cause a buffer overflow",
"description" => "The previous fix to <a href=\"/news/security/?id=25\">CVE-2008-2927</a> was deemed incomplete. The size check improperly cast an uint64 to size_t which can cause an integer overflow, rendering the check useless.",
@@ -350,7 +350,7 @@ $vulnerabilities = array(
),
array(
"title" => "ICQ parser excessive memory allocation",
- "date" => "28 May 2009",
+ "date" => "2009-05-28",
"cve" => "CVE-2009-1889",
"summary" => "Misparsed web messages can result in excessive memory allocation",
"description" => "The ICQ prpl would misparse an incoming ICQ Web Message as an SMS message in certain circumstances, leading to an excessively large allocation.",
@@ -360,7 +360,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN overflow parsing SLP messages",
- "date" => "18 August 2009",
+ "date" => "2009-08-18",
"cve" => "CVE-2009-2694",
"summary" => "Specially crafted SLP messages can cause a buffer overflow",
"description" => "By sending two consecutive specially crafted SLP messages it is possible to trigger an memcpy to an invalid location in memory. This affects all versions of libpurple and Gaim released in the past few years.",
@@ -370,7 +370,7 @@ $vulnerabilities = array(
),
array(
"title" => "Yahoo IM parsing crash",
- "date" => "22 August 2009",
+ "date" => "2009-08-22",
"cve" => "CVE-2009-3025",
"summary" => "Crash in Yahoo protocol plugin when receiving an IM",
"description" => "Possibly depending on the architecture and/or flags used to compile libpurple, the Yahoo protocol plugin may crash when receiving an IM from any user which contains a URL. The only vulnerable version of libpurple is 2.6.0.",
@@ -380,7 +380,7 @@ $vulnerabilities = array(
),
array(
"title" => "XMPP may not enforce TLS",
- "date" => "3 September 2009",
+ "date" => "2009-09-03",
"cve" => "CVE-2009-3026",
"summary" => "XMPP does not always respect the \"require TLS/SSL\" preference",
"description" => "The XMPP protocol plugin can be tricked into establishing an insecure connection by a malicious man in the middle by causing libpurple to use the older IQ-based login and then not offering TLS/SSL. The \"require TLS/SSL\" option was introduced in 2.2.0.",
@@ -391,7 +391,7 @@ $vulnerabilities = array(
),
array(
"title" => "XMPP custom smiley parsing bug",
- "date" => "3 September 2009",
+ "date" => "2009-09-03",
"cve" => "CVE-2009-3085",
"summary" => "XMPP can crash when parsing certain custom smiley responses",
"description" => "The XMPP protocol plugin can crash when attempting to process an error response as a custom smiley. libpurple 2.5.2 through 2.6.1 are vulnerable. Older versions may be vulnerable as well.",
@@ -402,7 +402,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN handwritten message crash",
- "date" => "3 September 2009",
+ "date" => "2009-09-03",
"cve" => "CVE-2009-3084",
"summary" => "MSN incorrectly handles incoming handwritten messages, which can lead to a crash",
"description" => "The MSN protocol plugin used an incorrect character encoding when attempting to convert handwritten messages from one encoding to another. This caused the conversion to fail. This failure combined with an uninitialized variable can trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1.",
@@ -413,7 +413,7 @@ $vulnerabilities = array(
),
array(
"title" => "MSN partial SLP invite crash",
- "date" => "3 September 2009",
+ "date" => "2009-09-03",
"cve" => "CVE-2009-3083",
"summary" => "MSN expects certain values to exist, and crashes if they do not",
"description" => "The MSN protocol plugin extracts some fields from an incoming SLP invite. If some of these fields do not exist in the invite message then the protocol plugin will attempt to dereference a NULL pointer and will crash.",
@@ -424,7 +424,7 @@ $vulnerabilities = array(
),
array(
"title" => "IRC crash from malicious server",
- "date" => "3 September 2009",
+ "date" => "2009-09-03",
"cve" => "CVE-2009-2703",
"summary" => "A malicious server can send an invalid IRC message which triggers a crash",
"description" => "A specially crafted IRC TOPIC message can trigger a NULL pointer dereference in the IRC protocol plugin's code for handling IRC topics.",
More information about the Commits
mailing list