/pidgin/main: 5c2b82c2873d: Add CVE values, update Sourcefire VR...

Daniel Atallah datallah at pidgin.im
Wed Oct 22 10:20:30 EDT 2014


Changeset: 5c2b82c2873ded9cef79ce8453877ee3288e7cd9
Author:	 Daniel Atallah <datallah at pidgin.im>
Date:	 2014-10-14 12:47 -0400
Branch:	 release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/5c2b82c2873d

Description:

Add CVE values, update Sourcefire VRT reference to Cisco Talos

diffstat:

 ChangeLog |  12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diffs (49 lines):

diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,7 +9,7 @@ version 2.10.10 (10/22/14):
 	  by an anonymous person and Jacob Appelbaum of the Tor Project, with
 	  thanks to Moxie Marlinspike for first publishing about this type of
 	  vulnerability. Thanks to Kai Engert for guidance and for some of the
-	  NSS changes). (CVE-2014-NNNN)
+	  NSS changes) (CVE-2014-3694)
 	* Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
 	  (Elrond and Ashish Gupta) (#15909)
 
@@ -20,7 +20,7 @@ version 2.10.10 (10/22/14):
 	Windows-Specific Changes:
 	* Don't allow overwriting arbitrary files on the file system when the
 	  user installs a smiley theme via drag-and-drop. (Discovered by Yves
-	  Younan of Sourcefire VRT)
+	  Younan of Cisco Talos) (CVE-2014-3697)
 	* Updates to dependencies:
 		* NSS 3.17.1 and NSPR 4.10.7
 
@@ -33,7 +33,7 @@ version 2.10.10 (10/22/14):
 	Groupwise:
 	* Fix potential remote crash parsing server message that indicates that
 	  a large amount of memory should be allocated. (Discovered by Yves Younan
-	  and Richard Johnson of Sourcefire VRT) (CVE-2014-NNNN)
+	  and Richard Johnson of Cisco Talos) (CVE-2014-3696)
 
 	IRC:
 	* Fix a possible leak of unencrypted data when using /me command
@@ -41,15 +41,15 @@ version 2.10.10 (10/22/14):
 
 	MXit:
 	* Fix potential remote crash parsing a malformed emoticon response.
-	  (Discovered by Yves Younan and Richard Johnson of Sourcefire VRT)
-	  (CVE-2014-NNNN)
+	  (Discovered by Yves Younan and Richard Johnson of Cisco Talos)
+	  (CVE-2014-3695)
 
 	XMPP:
 	* Fix potential information leak where a malicious XMPP server and
 	  possibly even a malicious remote user could create a carefully crafted
 	  XMPP message that causes libpurple to send an XMPP message containing
 	  arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul
-	  Aurich) (CVE-2014-NNNN)
+	  Aurich) (CVE-2014-3698)
 	* Fix Facebook XMPP roster quirks. (#15041, #15957)
 
 	Yahoo:



More information about the Commits mailing list