www: 5fd71006: Peeps on the oss-security mailing list s...

markdoliner at pidgin.im markdoliner at pidgin.im
Mon Aug 22 18:30:27 EDT 2011


----------------------------------------------------------------------
Revision: 5fd71006fdbf714e134a526d695fdcda64d0b893
Parent:   67f7be9934ab304dd6265913313b38ea8805ab84
Author:   markdoliner at pidgin.im
Date:     08/22/11 18:27:13
Branch:   im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/5fd71006fdbf714e134a526d695fdcda64d0b893

Changelog: 

Peeps on the oss-security mailing list seemed interested in having CVEs for
these.

Changes against parent 67f7be9934ab304dd6265913313b38ea8805ab84

  patched  htdocs/news/security/index.php

-------------- next part --------------
============================================================
--- htdocs/news/security/index.php	bbdd0af5fc0ce8855fbb11278f3b4e7a34fab361
+++ htdocs/news/security/index.php	408e753b3bf114e6de59d021a41ea058f553864e
@@ -577,7 +577,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Remote crash in MSN protocol plugin",
 		"date"         => "2011-08-20",
-		"cve"          => "",
+		"cve"          => "CVE-2011-3184",
 		"description"  => "Incorrect handling of HTTP 100 responses in the MSN protocol plugin can cause the application to attempt to access memory that it does not have access to.  This only affects users who have turned on the HTTP connection method for their accounts (it's off by default).  This might only be triggerable by a malicious server and not a malicious peer.  We believe remote code execution is not possible.",
 		"fix"          => "Correctly take into account the size of HTTP 100 response when parsing server messages.",
 		"fixrevisions" => "16af0661899a978b4fedc1c165965b85009013d1",
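Review bot: the new "cve" value in this entry is added with no pointer to where CVE-2011-3184 was assigned. The changelog mentions only interest on the oss-security mailing list and does not say which identifier belongs to which advisory. Citing the assignment message in the changelog would let a reader confirm that this id belongs to "Remote crash in MSN protocol plugin" and not to the other entry updated in the same commit, since the two ids are consecutive and easy to transpose.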
@@ -587,7 +587,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Pidgin uses clickable links to untrusted executables",
 		"date"         => "2011-08-20",
-		"cve"          => "",
+		"cve"          => "CVE-2011-3185",
 		"description"  => "If a user clicks on a file:// URI in a received IM in Windows builds of Pidgin, Pidgin attempts to execute the file.  This can be dangerous if the file:// URI is a path on a network share.",
 		"fix"          => "Don't attempt to execute files when the user clicks a file:// URI.  Instead, open a file browser at the file's location.",
 		"fixrevisions" => "5749f9193063800d27bef75c2388f6f9cc2f7f37",
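Review bot: the changed "cve" line now attaches CVE-2011-3185 to an entry whose "title" does not say the issue is limited to Windows builds; only the "description" states that. With a CVE id on the entry the title is more likely to be quoted on its own, so consider adding the platform to the title. Also confirm this id against the assignment, for the same reason as the adjacent entry.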

