ZDI-CAN-338: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

Richard Laager rlaager at pidgin.im
Thu Jun 26 13:28:38 EDT 2008


On Thu, 2008-06-26 at 12:14 -0500, Mark Doliner wrote:
> I think the vulnerability is valid, but I think our fix needs to make sure
> we're not wrapping back to 0.

Any idea on the right way to do that?

Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20080626/efab1873/attachment.pgp 


More information about the Packagers mailing list