/pidgin/main: 6bafdcde2b55: List three security vulnerability fi...

Mark Doliner mark at kingant.net
Tue Jan 28 10:38:11 EST 2014


Changeset: 6bafdcde2b559f0bbf64bc1b39b2a4bb70b58063
Author:	 Mark Doliner <mark at kingant.net>
Date:	 2014-01-12 23:29 -0800
Branch:	 release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/6bafdcde2b55

Description:

List three security vulnerability fixes in the ChangeLog.
Thanks to Fabian Yamaguchi and Christian Wressnegger for finding
all of these, and thanks to Daniel Atallah for fixing.

The fixes were committed in 23cbfff68a0c, ef836278304b, and 68d6df7dc69c.

diffstat:

 ChangeLog |  9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diffs (19 lines):

diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -49,6 +49,15 @@ version 2.10.8:
 	  Cyrus SASL support. (#15517)
 
 	MSN:
+	* Fix NULL pointer dereference parsing headers in MSN.
+	  (Discovered by Fabian Yamaguchi and Christian Wressnegger of the
+	  University of Goettingen) (CVE-2014-NNNN)
+	* Fix NULL pointer dereference parsing OIM data in MSN.
+	  (Discovered by Fabian Yamaguchi and Christian Wressnegger of the
+	  University of Goettingen) (CVE-2014-NNNN)
+	* Fix NULL pointer dereference parsing SOAP data in MSN.
+	  (Discovered by Fabian Yamaguchi and Christian Wressnegger of the
+	  University of Goettingen) (CVE-2014-NNNN)
 	* Fix possible crash when sending very long messages. Not
 	  remotely-triggerable. (Discovered by Matt Jones, Volvent)
 



More information about the Commits mailing list