/www/pidgin: 86745ee0afbf: Fix dates.
Daniel Atallah
datallah at pidgin.im
Thu Jan 30 00:46:00 EST 2014
Changeset: 86745ee0afbf9594702974da4262292743e3d4b3
Author: Daniel Atallah <datallah at pidgin.im>
Date: 2014-01-30 00:45 -0500
Branch: default
URL: https://hg.pidgin.im/www/pidgin/rev/86745ee0afbf
Description:
Fix dates.
diffstat:
htdocs/news/security/index.php | 34 +++++++++++++++++-----------------
1 files changed, 17 insertions(+), 17 deletions(-)
diffs (156 lines):
diff --git a/htdocs/news/security/index.php b/htdocs/news/security/index.php
--- a/htdocs/news/security/index.php
+++ b/htdocs/news/security/index.php
@@ -726,7 +726,7 @@
),
array(
"title" => "Windows Pidgin crash receiving some characters",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "",
"description" => "The library used to render fonts would sometimes crash when attempting to display certain Unicode characters.",
"fix" => "Patch the version of Pango that we bundle with our installer to not crash when displaying these characters.",
@@ -736,7 +736,7 @@
),
array(
"title" => "Yahoo! remote crash from incorrect character encoding",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2012-6152",
"description" => "Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren't UTF-8.",
"fix" => "Depending on the context, either validate that a string is UTF-8 or transcode the string from the appropriate encoding to UTF-8.",
@@ -746,7 +746,7 @@
),
array(
"title" => "Crash handling bad XMPP timestamp",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6477",
"description" => "A remote XMPP user can trigger a crash on some systems by sending a message with a timestamp in the distant future.",
"fix" => "Avoid passing negative timestamps to localtime().",
@@ -756,7 +756,7 @@
),
array(
"title" => "Crash when hovering pointer over a long URL",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6478",
"description" => "libX11 forcefully exits when Pidgin tries to create an exceptionally wide tooltip window.",
"fix" => "Only display the first 200 characters of the URL in the tooltip.",
@@ -766,7 +766,7 @@
),
array(
"title" => "Remote crash parsing HTTP responses",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6479",
"description" => "A malicious server or man-in-the-middle could send a malformed HTTP response that could lead to a crash.",
"fix" => "Validate response before using it.",
@@ -776,7 +776,7 @@
),
array(
"title" => "Remote crash reading Yahoo! P2P message",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6481",
"description" => "The Yahoo! protocol plugin failed to validate a length field before trying to read from a buffer, which could result in reading past the end of the buffer which could cause a crash.",
"fix" => "Check that the length is within range.",
@@ -786,7 +786,7 @@
),
array(
"title" => "NULL pointer dereference parsing headers in MSN",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6482",
"description" => "A malformed Content-Length header could lead to a NULL pointer dereference.",
"fix" => "Check to make sure the Content-Length header has a value.",
@@ -796,7 +796,7 @@
),
array(
"title" => "NULL pointer dereference parsing OIM data in MSN",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6482",
"description" => "A malicious server or man-in-the-middle could send us a specially-crafted XML response that results in a NULL pointer dereference.",
"fix" => "Check for NULL before calling atoi().",
@@ -806,7 +806,7 @@
),
array(
"title" => "NULL pointer dereference parsing SOAP data in MSN",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6482",
"description" => "A malicious server or man-in-the-middle could send us a specially-crafted SOAP response that results in a NULL pointer dereference.",
"fix" => "Check for NULL before using values.",
@@ -816,7 +816,7 @@
),
array(
"title" => "XMPP doesn't verify 'from' on some iq replies",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6483",
"description" => "The XMPP protocol plugin failed to ensure that iq replies came from the person they were sent to. A remote user could send a spoofed iq reply and attempt to guess the iq id. This could allow an attacker to inject fake data or trigger a null pointer dereference.",
"fix" => "Keep track of the 'to' when sending an iq stanza and make sure replies for a given stanza ID come from the same address it was sent to.",
@@ -826,7 +826,7 @@
),
array(
"title" => "Crash reading response from STUN server",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6484",
"description" => "Incorrect error handling when reading the response from a STUN server could lead to a crash.",
"fix" => "Fix error handling.",
@@ -836,7 +836,7 @@
),
array(
"title" => "Buffer overflow parsing chunked HTTP responses",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6485",
"description" => "A malicious server or man-in-the-middle could cause a buffer overflow by sending a malformed HTTP response with chunked Transfer-Encoding with invalid chunk sizes.",
"fix" => "Enforce a maximum size for chunks.",
@@ -846,7 +846,7 @@
),
array(
"title" => "Pidgin uses clickable links to untrusted executables",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6486",
"description" => "If a user clicks on a file:// URI in a received IM in Windows builds of Pidgin, Pidgin attempts to execute the file. This can be dangerous if the file:// URI is a path on a network share. This was <a href=\"?id=55\">originally reported in CVE-2011-3185 in 2011</a> and we attempted to fix it then, but failed.",
"fix" => "Don't attempt to execute files when the user clicks a file:// URI. Instead, open a file browser at the file's location.",
@@ -856,7 +856,7 @@
),
array(
"title" => "Buffer overflow in Gadu-Gadu HTTP parsing",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6487",
"description" => "A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow.",
"fix" => "Enforce a maximum size for content-length.",
@@ -866,7 +866,7 @@
),
array(
"title" => "Buffer overflow in MXit emoticon parsing",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6489",
"description" => "A specially crafted emoticon value could cause an integer overflow which could lead to a buffer overflow.",
"fix" => "Use an unsigned integer and enforce a maximum size.",
@@ -876,7 +876,7 @@
),
array(
"title" => "Buffer overflow in SIMPLE header parsing",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6490",
"description" => "A Content-Length of -1 could lead to a buffer overflow.",
"fix" => "Ignore messages with negative values for Content-Length.",
@@ -886,7 +886,7 @@
),
array(
"title" => "Remotely triggerable crash in IRC argument parsing",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2014-0020",
"description" => "A malicious server or man-in-the-middle could trigger a crash in libpurple by sending a message with fewer than expected arguments.",
"fix" => "Verify that incoming messages contain the appropriate number of arguments before handling them.",
More information about the Commits
mailing list