www: e1f9b58f: Add the two security problems that got f...
markdoliner at pidgin.im
markdoliner at pidgin.im
Wed Mar 14 03:17:20 EDT 2012
----------------------------------------------------------------------
Revision: e1f9b58f80d233842d4d48512086bd4fdedea524
Parent: 80e1f1e01d2b84b9dbba0d32de9a2acc1457a376
Author: markdoliner at pidgin.im
Date: 03/14/12 03:15:34
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/e1f9b58f80d233842d4d48512086bd4fdedea524
Changelog:
Add the two security problems that got fixed in 2.10.2. Feel free to
proofread.
Changes against parent 80e1f1e01d2b84b9dbba0d32de9a2acc1457a376
patched htdocs/news/security/index.php
-------------- next part --------------
============================================================
--- htdocs/news/security/index.php 06ab3f610724c0aff79fec06aa1ccb073ec27337
+++ htdocs/news/security/index.php b96760544858e642129addb65f5c109384b97a11
@@ -633,6 +633,26 @@ $vulnerabilities = array(
"fixrevisions" => "afb9ede3de989f217f03d5670cca00e628bd11f1",
"fixedversion" => "2.10.1",
"discoveredby" => "Diego Bauche Madero from IOActive"
+ ),
+ array(
+ "title" => "XMPP remote crash",
+ "date" => "2011-07-08",
+ "cve" => "",
+ "description" => "Certain types of nickname changes in XMPP chat rooms can trigger a NULL pointer dereference in Pidgin, which triggers a crash.",
+ "fix" => "Check for NULL before trying to use a struct.",
+ "fixrevisions" => "d1d77da56217f3a083e1d459bef054db9f1d5699",
+ "fixedversion" => "2.10.2",
+ "discoveredby" => "Clemens Huebner in <a href=\"http://developer.pidgin.im/ticket/14392\">ticket #14392</a> and Kevin Stange"
+ ),
+ array(
+ "title" => "Possible MSN remote crash",
+ "date" => "2012-01-17",
+ "cve" => "",
+ "description" => "In some situations the MSN server sends text that isn't UTF-8 encoded, and Pidgin fails to verify the text's encoding. In some cases this can lead to a crash when attempting to display the text.",
+ "fix" => "Verify that incoming text is UTF-8, and sanitize if it's not.",
+ "fixrevisions" => "3053d6a37cc6d8774aba7607b992a4408216adcd,ecabfaee8a1ca02e18ebadbb41cdcce19e78bc2e,b1b8c222ab921963f43e83502b6c6e2e4489a8c4,fdb56683f2b5f88f7b388aaef6c53c810d19e374,f12c9f6a6c31bcd3512f162209285a88a86595ff",
+ "fixedversion" => "2.10.2",
+ "discoveredby" => "Thijs Alkemade in <a href=\"http://developer.pidgin.im/ticket/14884\">ticket #14884</a>"
)
);
/* Template for the unfortunate future
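Review bot: Both new entries (the XMPP and the MSN record) are published with `"cve" => ""`, so packagers and vulnerability trackers cannot match these advisories to an identifier. If none has been assigned yet, say so in place, e.g. `"cve" => "", /* not yet assigned; fill in once allocated */`, so the blank is not mistaken for "no CVE exists". The `discoveredby` values also embed raw `<a href=...>` markup, which suggests the page prints that field unescaped. A short comment in the entry template that this field is trusted HTML, and must never be pasted verbatim from reporter-supplied text, would help future editors. The `$vulnerabilities` array and the rendering code both lie outside this hunk, so how an empty CVE or the embedded markup is displayed is not visible here.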