www: abe75e7c: Updated CVEs from Jan Lieskovsky of Red ...

markdoliner at pidgin.im markdoliner at pidgin.im
Sat Dec 10 19:36:02 EST 2011


----------------------------------------------------------------------
Revision: abe75e7c4b7da788fd34fa936a83d8378d3d92cd
Parent:   3ac6b89e8895945ae5b8e43cabc4b07161e74ab5
Author:   markdoliner at pidgin.im
Date:     12/10/11 19:32:45
Branch:   im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/abe75e7c4b7da788fd34fa936a83d8378d3d92cd

Changelog: 

Updated CVEs from Jan Lieskovsky of Red Hat

Changes against parent 3ac6b89e8895945ae5b8e43cabc4b07161e74ab5

  patched  htdocs/news/security/index.php

-------------- next part --------------
============================================================
--- htdocs/news/security/index.php	bdcb22fad8dcbb4cb592a7c6aaf38803eadbdcaa
+++ htdocs/news/security/index.php	75ee0274ac6cb975b0b1f19b27402216b4af71f5
@@ -605,6 +605,16 @@ $vulnerabilities = array(
 		"discoveredby" => "Diego Bauche Madero from IOActive"
 	),
 	array(
+		"title"        => "SILC remote crash",
+		"date"         => "2011-09-29",
+		"cve"          => "CVE-2011-4603",
+		"description"  => "When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8.  In some cases invalid UTF-8 data would lead to a crash.  This vulnerability is similar to CVE-2011-3594, but occurs in a different piece of code and was fixed at a later date.",
+		"fix"          => "Validate incoming strings as UTF-8 before using them as such.",
+		"fixrevisions" => "7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8,afb9ede3de989f217f03d5670cca00e628bd11f1",
+		"fixedversion" => "2.10.1",
+		"discoveredby" => "Diego Bauche Madero from IOActive"
+	),
+	array(
 		"title"        => "AIM and ICQ remote crash",
 		"date"         => "2011-10-20",
 		"cve"          => "CVE-2011-4601",
@@ -617,7 +627,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "XMPP remote crash",
 		"date"         => "2011-12-10",
-		"cve"          => "",
+		"cve"          => "CVE-2011-4602",
 		"description"  => "When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing.",
 		"fix"          => "Check for missing fields and handle them appropriately.",
 		"fixrevisions" => "fb216fc88b085afc06d9a15209519cde1f4df6c6",

