/www/pidgin: 86745ee0afbf: Fix dates.

Daniel Atallah datallah at pidgin.im
Thu Jan 30 00:46:00 EST 2014


Changeset: 86745ee0afbf9594702974da4262292743e3d4b3
Author:	 Daniel Atallah <datallah at pidgin.im>
Date:	 2014-01-30 00:45 -0500
Branch:	 default
URL: https://hg.pidgin.im/www/pidgin/rev/86745ee0afbf

Description:

Fix dates.

diffstat:

 htdocs/news/security/index.php |  34 +++++++++++++++++-----------------
 1 files changed, 17 insertions(+), 17 deletions(-)

diffs (156 lines):

diff --git a/htdocs/news/security/index.php b/htdocs/news/security/index.php
--- a/htdocs/news/security/index.php
+++ b/htdocs/news/security/index.php
@@ -726,7 +726,7 @@
 	),
 	array(
 		"title"        => "Windows Pidgin crash receiving some characters",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "",
 		"description"  => "The library used to render fonts would sometimes crash when attempting to display certain Unicode characters.",
 		"fix"          => "Patch the version of Pango that we bundle with our installer to not crash when displaying these characters.",
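Review bot: The literal `"2014-01-28"` is repeated verbatim in this entry and in the sixteen entries changed by the following hunks (@@ -736 through @@ -886), which is why one typo needed seventeen identical edits. Since these advisories appear to share a single disclosure date, it could be defined once ahead of the array, e.g. `$advisory_date = "2014-01-28";`, and referenced as `"date" => $advisory_date,` in each entry. The replaced value 2014-02-28 was later than this commit's own date of 2014-01-30, so a check that no entry carries a date in the future would have caught the error before the advisories were published. The enclosing array starts and ends outside the hunks, so where such a variable or check would be placed is not visible here.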
@@ -736,7 +736,7 @@
 	),
 	array(
 		"title"        => "Yahoo! remote crash from incorrect character encoding",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2012-6152",
 		"description"  => "Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings.  This can lead to a crash when receiving strings that aren't UTF-8.",
 		"fix"          => "Depending on the context, either validate that a string is UTF-8 or transcode the string from the appropriate encoding to UTF-8.",
@@ -746,7 +746,7 @@
 	),
 	array(
 		"title"        => "Crash handling bad XMPP timestamp",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6477",
 		"description"  => "A remote XMPP user can trigger a crash on some systems by sending a message with a timestamp in the distant future.",
 		"fix"          => "Avoid passing negative timestamps to localtime().",
@@ -756,7 +756,7 @@
 	),
 	array(
 		"title"        => "Crash when hovering pointer over a long URL",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6478",
 		"description"  => "libX11 forcefully exits when Pidgin tries to create an exceptionally wide tooltip window.",
 		"fix"          => "Only display the first 200 characters of the URL in the tooltip.",
@@ -766,7 +766,7 @@
 	),
 	array(
 		"title"        => "Remote crash parsing HTTP responses",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6479",
 		"description"  => "A malicious server or man-in-the-middle could send a malformed HTTP response that could lead to a crash.",
 		"fix"          => "Validate response before using it.",
@@ -776,7 +776,7 @@
 	),
 	array(
 		"title"        => "Remote crash reading Yahoo! P2P message",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6481",
 		"description"  => "The Yahoo! protocol plugin failed to validate a length field before trying to read from a buffer, which could result in reading past the end of the buffer which could cause a crash.",
 		"fix"          => "Check that the length is within range.",
@@ -786,7 +786,7 @@
 	),
 	array(
 		"title"        => "NULL pointer dereference parsing headers in MSN",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6482",
 		"description"  => "A malformed Content-Length header could lead to a NULL pointer dereference.",
 		"fix"          => "Check to make sure the Content-Length header has a value.",
@@ -796,7 +796,7 @@
 	),
 	array(
 		"title"        => "NULL pointer dereference parsing OIM data in MSN",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6482",
 		"description"  => "A malicious server or man-in-the-middle could send us a specially-crafted XML response that results in a NULL pointer dereference.",
 		"fix"          => "Check for NULL before calling atoi().",
@@ -806,7 +806,7 @@
 	),
 	array(
 		"title"        => "NULL pointer dereference parsing SOAP data in MSN",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6482",
 		"description"  => "A malicious server or man-in-the-middle could send us a specially-crafted SOAP response that results in a NULL pointer dereference.",
 		"fix"          => "Check for NULL before using values.",
@@ -816,7 +816,7 @@
 	),
 	array(
 		"title"        => "XMPP doesn't verify 'from' on some iq replies",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6483",
 		"description"  => "The XMPP protocol plugin failed to ensure that iq replies came from the person they were sent to. A remote user could send a spoofed iq reply and attempt to guess the iq id. This could allow an attacker to inject fake data or trigger a null pointer dereference.",
 		"fix"          => "Keep track of the 'to' when sending an iq stanza and make sure replies for a given stanza ID come from the same address it was sent to.",
@@ -826,7 +826,7 @@
 	),
 	array(
 		"title"        => "Crash reading response from STUN server",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6484",
 		"description"  => "Incorrect error handling when reading the response from a STUN server could lead to a crash.",
 		"fix"          => "Fix error handling.",
@@ -836,7 +836,7 @@
 	),
 	array(
 		"title"        => "Buffer overflow parsing chunked HTTP responses",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6485",
 		"description"  => "A malicious server or man-in-the-middle could cause a buffer overflow by sending a malformed HTTP response with chunked Transfer-Encoding with invalid chunk sizes.",
 		"fix"          => "Enforce a maximum size for chunks.",
@@ -846,7 +846,7 @@
 	),
 	array(
 		"title"        => "Pidgin uses clickable links to untrusted executables",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6486",
 		"description"  => "If a user clicks on a file:// URI in a received IM in Windows builds of Pidgin, Pidgin attempts to execute the file. This can be dangerous if the file:// URI is a path on a network share. This was <a href=\"?id=55\">originally reported in CVE-2011-3185 in 2011</a> and we attempted to fix it then, but failed.",
 		"fix"          => "Don't attempt to execute files when the user clicks a file:// URI. Instead, open a file browser at the file's location.",
@@ -856,7 +856,7 @@
 	),
 	array(
 		"title"        => "Buffer overflow in Gadu-Gadu HTTP parsing",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6487",
 		"description"  => "A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow.",
 		"fix"          => "Enforce a maximum size for content-length.",
@@ -866,7 +866,7 @@
 	),
 	array(
 		"title"        => "Buffer overflow in MXit emoticon parsing",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6489",
 		"description"  => "A specially crafted emoticon value could cause an integer overflow which could lead to a buffer overflow.",
 		"fix"          => "Use an unsigned integer and enforce a maximum size.",
@@ -876,7 +876,7 @@
 	),
 	array(
 		"title"        => "Buffer overflow in SIMPLE header parsing",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2013-6490",
 		"description"  => "A Content-Length of -1 could lead to a buffer overflow.",
 		"fix"          => "Ignore messages with negative values for Content-Length.",
@@ -886,7 +886,7 @@
 	),
 	array(
 		"title"        => "Remotely triggerable crash in IRC argument parsing",
-		"date"         => "2014-02-28",
+		"date"         => "2014-01-28",
 		"cve"          => "CVE-2014-0020",
 		"description"  => "A malicious server or man-in-the-middle could trigger a crash in libpurple by sending a message with fewer than expected arguments.",
 		"fix"          => "Verify that incoming messages contain the appropriate number of arguments before handling them.",


