/www/pidgin: ca93e71f358e: Fix security page URLs to point to hg...
Daniel Atallah
datallah at pidgin.im
Thu Jun 14 14:35:17 EDT 2012
Changeset: ca93e71f358e87ac06c0dfe74f2dcb6acf0881aa
Author: Daniel Atallah <datallah at pidgin.im>
Date: 2012-06-14 14:34 -0400
Branch: default
URL: http://hg.pidgin.im/www/pidgin/rev/ca93e71f358e
Description:
Fix security page URLs to point to hgweb instead of viewmtn
diffstat:
htdocs/news/security/index.php | 58 +++++++++++++++++++++---------------------
1 files changed, 29 insertions(+), 29 deletions(-)
diffs (264 lines):
diff --git a/htdocs/news/security/index.php b/htdocs/news/security/index.php
--- a/htdocs/news/security/index.php
+++ b/htdocs/news/security/index.php
@@ -385,7 +385,7 @@
"summary" => "XMPP does not always respect the \"require TLS/SSL\" preference",
"description" => "The XMPP protocol plugin can be tricked into establishing an insecure connection by a malicious man in the middle by causing libpurple to use the older IQ-based login and then not offering TLS/SSL. The \"require TLS/SSL\" option was introduced in 2.2.0.",
"fix" => "Respect the \"require TLS/SSL\" preference for this type of connection.",
- "fixrevisions" => "55897c4ce0787edc1e7721b7f4a9b5cbc8357279",
+ "fixrevisions" => "447ef31d038a",
"fixedversion" => "2.6.0",
"discoveredby" => "bugdave in <a href=\"http://developer.pidgin.im/ticket/8131\">ticket #8131</a> and Paul Aurich"
),
@@ -396,7 +396,7 @@
"summary" => "XMPP can crash when parsing certain custom smiley responses",
"description" => "The XMPP protocol plugin can crash when attempting to process an error response as a custom smiley. libpurple 2.5.2 through 2.6.1 are vulnerable. Older versions may be vulnerable as well.",
"fix" => "Handle error iq responses appropriately.",
- "fixrevisions" => "fd5955618eddcd84d522b30ff11102f9601f38c8",
+ "fixrevisions" => "2da956f23839",
"fixedversion" => "2.6.2",
"discoveredby" => "Florob, Waqas, Paul Aurich and Marcus Lundblad"
),
@@ -407,7 +407,7 @@
"summary" => "MSN incorrectly handles incoming handwritten messages, which can lead to a crash",
"description" => "The MSN protocol plugin used an incorrect character encoding when attempting to convert handwritten messages from one encoding to another. This caused the conversion to fail. This failure combined with an uninitialized variable can trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1.",
"fix" => "Use the correct character set name and initialize error to NULL.",
- "fixrevisions" => "567e16cbc46168f52482e5ec27626c48e7a5ba95",
+ "fixrevisions" => "b579df23a255",
"fixedversion" => "2.6.2",
"discoveredby" => "aly89 in <a href=\"http://developer.pidgin.im/ticket/10048\">ticket #10048</a> and Elliott Sales de Andrade"
),
@@ -418,7 +418,7 @@
"summary" => "MSN expects certain values to exist, and crashes if they do not",
"description" => "The MSN protocol plugin extracts some fields from an incoming SLP invite. If some of these fields do not exist in the invite message then the protocol plugin will attempt to dereference a NULL pointer and will crash.",
"fix" => "Check for NULL values and handle appropriately.",
- "fixrevisions" => "b4a95ea62b81a06ffc1993912471c511b786efdd",
+ "fixrevisions" => "2431bae68adf",
"fixedversion" => "2.6.2",
"discoveredby" => "blackstar in <a href=\"http://developer.pidgin.im/ticket/10159\">ticket #10159</a> and Elliott Sales de Andrade"
),
@@ -429,7 +429,7 @@
"summary" => "A malicious server can send an invalid IRC message which triggers a crash",
"description" => "A specially crafted IRC TOPIC message can trigger a NULL pointer dereference in the IRC protocol plugin's code for handling IRC topics.",
"fix" => "Correctly ignore invalid TOPIC messages sent from the server.",
- "fixrevisions" => "ad2c6ee53ec9122b25aeb1f918db53be69bdeac3",
+ "fixrevisions" => "615584769b59",
"fixedversion" => "2.6.2",
"discoveredby" => "Cristofaro Mune"
),
@@ -440,7 +440,7 @@
"summary" => "A remote user can cause libpurple-based clients to crash",
"description" => "A specially crafted message can trigger an incorrect memory access in the oscar protocol plugin which can lead to a crash. This happens when the SIM IM client attempts to send contacts to a libpurple user.",
"fix" => "Check for the correct number of fields before attempting to dereference memory.",
- "fixrevisions" => "781682333aea0c801d280c3507ee25552a60bfc0",
+ "fixrevisions" => "7dc8dfacd548",
"fixedversion" => "2.6.3",
"discoveredby" => "nightwing666 in <a href=\"http://developer.pidgin.im/ticket/10481\">ticket #10481</a>"
),
@@ -451,7 +451,7 @@
"summary" => "A remote user can download arbitrary files from a libpurple-based client",
"description" => "The MSN protocol plugin extracts the filename of a custom emoticon from an incoming request and uploads that file without correlating the filename to a valid custom emoticon.",
"fix" => "Validate the custom emoticon requested is valid before uploading its file data.",
- "fixrevisions" => "c64a1adc8bda2b4aeaae1f273541afbc4f71b810",
+ "fixrevisions" => "7e381f84b894",
"fixedversion" => "2.6.5",
"discoveredby" => "Fabian Yamaguchi"
),
@@ -462,7 +462,7 @@
"summary" => "Failure to validate all fields of an incoming message can trigger a crash",
"description" => "Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly.",
"fix" => "Validate input before attempting to handle the message.",
- "fixrevisions" => "784bc8bff5affb83cee8a5a9353cb0a8220a72ce",
+ "fixrevisions" => "9a3f73531905",
"fixedversion" => "2.6.6",
"discoveredby" => "Fabian Yamaguchi"
),
@@ -473,7 +473,7 @@
"summary" => "Certain nicknames in group chat rooms can trigger a crash in Finch",
"description" => "If a user in a multi-user chat room has a nickname containing '<br>' then libpurple ends up having two users with username '\n' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution.",
"fix" => "Correctly parse '<br>' so that it appears literally rather than as '\n'.",
- "fixrevisions" => "0085c32abf29d034d30feef1ffb1d483e316a9a8,ab4716ed6857f669ceb0296e5480729aafba2e9f",
+ "fixrevisions" => "cf4435714f5f,6c8add94b5a4",
"fixedversion" => "2.6.6",
"discoveredby" => "Sadrul Habib Chowdhury"
),
@@ -484,7 +484,7 @@
"summary" => "Pidgin can become unresponse when displaying large numbers of smileys",
"description" => "oCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusably slow.",
"fix" => "A limit was added for the maximum number of smileys allowed in a conversation.",
- "fixrevisions" => "d1009efa4da45e8abd8279b454505554627c67c6",
+ "fixrevisions" => "a783b23a05da",
"fixedversion" => "2.6.6",
"discoveredby" => "Antti Hayrynen"
),
@@ -495,7 +495,7 @@
"summary" => "Libpurple clients can crash due to malformed SLP message",
"description" => "A vulnerability was discovered in libpurple's MSN protocol plugin that can cause a denial of service (crash) due to insufficient validation of certain SLP packets related to custom emoticons. An attacker could use this vulnerability to remotely crash a client using libpurple for MSN. It is not possible for this vulnerability to be exploited for code execution. As a workaround, disabling custom emoticons on MSN accounts will prevent the vulnerability.",
"fix" => "Validation has been added to the MSN plugin to prevent the crash.",
- "fixrevisions" => "894460d22c434e73d60b71ec031611988e687c8b",
+ "fixrevisions" => "a91ffa611a85",
"fixedversion" => "2.7.0",
"discoveredby" => "Pierre Noguès of Meta Security"
),
@@ -506,7 +506,7 @@
"summary" => "libpurple clients can crash due to malformed X-Status messages",
"description" => "Certain incorrectly formed X-Status messages can cause libpurple to attempt to dereference a NULL pointer, which triggers a crash.",
"fix" => "Improve the parsing of the X-Status message to be more robust",
- "fixrevisions" => "8e8ff246492e45af8f8d0808296d6f2906794dc0",
+ "fixrevisions" => "a56f371f289a",
"fixedversion" => "2.7.2",
"discoveredby" => "Mark Doliner"
),
@@ -517,7 +517,7 @@
"summary" => "Multiple remotely-triggered denials of service",
"description" => "It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service.",
"fix" => "Check the return value from purple_base64_decode() before trying to use it.",
- "fixrevisions" => "b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc",
+ "fixrevisions" => "1a7e2da2ab01",
"fixedversion" => "2.7.4",
"discoveredby" => "Daniel Atallah"
),
@@ -528,7 +528,7 @@
"summary" => "Remotely-triggered denial of service in MSN",
"description" => "It was discovered that libpurple 2.7.6 through 2.7.8 did not properly handle "short" packets in MSN direct connection sessions, leading to a crash due to a NULL pointer dereference. Malicious clients or users can exploit this to cause a denial of service (crash).",
"fix" => "Ignore short packets.",
- "fixrevisions" => "aaa07bde3c51d3684391ae6ed86b6dbaeab5d031",
+ "fixrevisions" => "26fc2e71129a",
"fixedversion" => "2.7.9",
"discoveredby" => "Stu Tomlinson"
),
@@ -538,7 +538,7 @@
"summary" => "Potential local information disclosure in libpurple",
"description" => "It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple.",
"fix" => "Proper structure clearing has been implemented.",
- "fixrevisions" => "16f4c309528b82961b169edb8b74b9061db6c471",
+ "fixrevisions" => "8c850977cb42",
"fixedversion" => "2.7.10",
"discoveredby" => "Julia Lawall"
),
@@ -549,7 +549,7 @@
"summary" => "Improper handling of malformed packets leads to denial of service",
"description" => "The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 do not properly handle malformed YMSG packets, leading to NULL pointer dereferences and application crash.",
"fix" => "Properly handle malformed packets by ignoring the packet or the missing field.",
- "fixrevisions" => "a7c415abba1f5f01f79295337518837f73d99bb7",
+ "fixrevisions" => "3efb6fbae94a",
"fixedversion" => "2.7.11",
"discoveredby" => "Marius Wachtler"
),
@@ -560,7 +560,7 @@
"summary" => "A remote attacker could set a specially-crafted GIF image as their buddy icon that could lead to Pidgin being terminated due to excessive memory use",
"description" => "It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially initialized pixbuf structure. Using this structure, possibly containing a huge width and height, could lead to the application being terminated due to excessive memory use.",
"fix" => "Change Pidgin to look at the GError parameter in addition to the return value when calling certain gdk-pixbuf functions.",
- "fixrevisions" => "e802003adbf0be4496de3de8ac03b47c1e471d00",
+ "fixrevisions" => "96183796df0c",
"fixedversion" => "2.9.0",
"discoveredby" => "Mark Doliner"
),
@@ -570,7 +570,7 @@
"cve" => "CVE-2011-2943",
"description" => "Certain characters in the nicknames of IRC users can trigger a null pointer dereference in the IRC protocol plugin's handling of responses to WHO requests. This can cause a crash on some operating systems. Clients based on libpurple 2.8.0 through 2.9.0 are affected.",
"fix" => "Change libpurple to validate the data it receives from the server before attempting to use it.",
- "fixrevisions" => "5c2dba4a7e2e76b76e7f472b88953a4316706d43",
+ "fixrevisions" => "619f32df41f1",
"fixedversion" => "2.10.0",
"discoveredby" => "Djego Ibanez, Lead QA at Gamistry"
),
@@ -580,7 +580,7 @@
"cve" => "CVE-2011-3184",
"description" => "Incorrect handling of HTTP 100 responses in the MSN protocol plugin can cause the application to attempt to access memory that it does not have access to. This only affects users who have turned on the HTTP connection method for their accounts (it's off by default). This might only be triggerable by a malicious server and not a malicious peer. We believe remote code execution is not possible.",
"fix" => "Correctly take into account the size of HTTP 100 response when parsing server messages.",
- "fixrevisions" => "16af0661899a978b4fedc1c165965b85009013d1",
+ "fixrevisions" => "2379d8500566",
"fixedversion" => "2.10.0",
"discoveredby" => "Marius Wachtler"
),
@@ -590,7 +590,7 @@
"cve" => "CVE-2011-3185",
"description" => "If a user clicks on a file:// URI in a received IM in Windows builds of Pidgin, Pidgin attempts to execute the file. This can be dangerous if the file:// URI is a path on a network share.",
"fix" => "Don't attempt to execute files when the user clicks a file:// URI. Instead, open a file browser at the file's location.",
- "fixrevisions" => "5749f9193063800d27bef75c2388f6f9cc2f7f37",
+ "fixrevisions" => "4377067bda01",
"fixedversion" => "2.10.0",
"discoveredby" => "James Burton, Insomnia Security"
),
@@ -600,7 +600,7 @@
"cve" => "CVE-2011-3594",
"description" => "When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash.",
"fix" => "Validate incoming strings as UTF-8 before using them as such.",
- "fixrevisions" => "7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8",
+ "fixrevisions" => "69372ee4f474",
"fixedversion" => "2.10.1",
"discoveredby" => "Diego Bauche Madero from IOActive"
),
@@ -610,7 +610,7 @@
"cve" => "CVE-2011-4601",
"description" => "When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash.",
"fix" => "Validate incoming strings as UTF-8 before using them as such.",
- "fixrevisions" => "757272a78a8ca6027d518e614712c3399e34dda3",
+ "fixrevisions" => "8431da66063b",
"fixedversion" => "2.10.1",
"discoveredby" => "Evgeny Boger"
),
@@ -620,7 +620,7 @@
"cve" => "CVE-2011-4602",
"description" => "When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing.",
"fix" => "Check for missing fields and handle them appropriately.",
- "fixrevisions" => "fb216fc88b085afc06d9a15209519cde1f4df6c6",
+ "fixrevisions" => "15eb0e242206",
"fixedversion" => "2.10.1",
"discoveredby" => "Thijs Alkemade"
),
@@ -630,7 +630,7 @@
"cve" => "CVE-2011-4603",
"description" => "When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This vulnerability is similar to CVE-2011-3594, but occurs in a different piece of code and was fixed at a later date.",
"fix" => "Validate incoming strings as UTF-8 before using them as such.",
- "fixrevisions" => "afb9ede3de989f217f03d5670cca00e628bd11f1",
+ "fixrevisions" => "fa8d4132d071",
"fixedversion" => "2.10.1",
"discoveredby" => "Diego Bauche Madero from IOActive"
),
@@ -640,7 +640,7 @@
"cve" => "CVE-2011-4939",
"description" => "Certain types of nickname changes in XMPP chat rooms can trigger a NULL pointer dereference in Pidgin, which triggers a crash.",
"fix" => "Check for NULL before trying to use a struct.",
- "fixrevisions" => "d1d77da56217f3a083e1d459bef054db9f1d5699",
+ "fixrevisions" => "92fdfe84de21",
"fixedversion" => "2.10.2",
"discoveredby" => "Clemens Huebner in <a href=\"http://developer.pidgin.im/ticket/14392\">ticket #14392</a> and Kevin Stange"
),
@@ -650,7 +650,7 @@
"cve" => "CVE-2012-1178",
"description" => "In some situations the MSN server sends text that isn't UTF-8 encoded, and Pidgin fails to verify the text's encoding. In some cases this can lead to a crash when attempting to display the text.",
"fix" => "Verify that incoming text is UTF-8, and sanitize if it's not.",
- "fixrevisions" => "3053d6a37cc6d8774aba7607b992a4408216adcd,ecabfaee8a1ca02e18ebadbb41cdcce19e78bc2e,b1b8c222ab921963f43e83502b6c6e2e4489a8c4,fdb56683f2b5f88f7b388aaef6c53c810d19e374,f12c9f6a6c31bcd3512f162209285a88a86595ff",
+ "fixrevisions" => "1b1b97b8e942,f9eeb175a5c9,f5fd49c83637,5c02bc93f2c4,85ec889f1675",
"fixedversion" => "2.10.2",
"discoveredby" => "Thijs Alkemade in <a href=\"http://developer.pidgin.im/ticket/14884\">ticket #14884</a>"
),
@@ -660,7 +660,7 @@
"cve" => "CVE-2012-2214",
"description" => "A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests.",
"fix" => "Correctly cancel and free a SOCKS5 connection attempt so that it does not trigger an attempt to access invalid memory later.",
- "fixrevisions" => "d991ff6d558d185527a09eae0378edb3fc7057a5",
+ "fixrevisions" => "5f9d676cefdb",
"fixedversion" => "2.10.4",
"discoveredby" => "José ValentÃn Gutiérrez"
),
@@ -670,7 +670,7 @@
"cve" => "CVE-2012-2318",
"description" => "Incoming messages with certain characters or character encodings can cause clients to crash.",
"fix" => "The contents of all incoming plaintext messages are converted to UTF-8 and validated before used.",
- "fixrevisions" => "94cbd5a68ee237c970d8bd6d9d53106f1b9627ad",
+ "fixrevisions" => "4d6bcb4f4ea4",
"fixedversion" => "2.10.4",
"discoveredby" => "Fabian Yamaguchi"
)
@@ -795,7 +795,7 @@
foreach (explode(',', $vun['fixrevisions']) as $revision) {
if (!empty($fixrevisions))
$fixrevisions .= "<br/>";
- $fixrevisions .= "<a href=\"http://developer.pidgin.im/viewmtn/revision/info/$revision\">$revision</a>";
+ $fixrevisions .= "<a href=\"http://hg.pidgin.im/pidgin/main/rev/$revision\">$revision</a>";
}
echo "<tr><th>Fixed in Revision</th><td>", $fixrevisions, "</td></tr>\n";
}
More information about the Commits
mailing list