ZDI-CAN-338: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

Josh Bressers bressers at redhat.com
Thu Jun 26 13:51:30 EDT 2008

On 26 June 2008, Richard Laager wrote:
> On Thu, 2008-06-26 at 12:14 -0500, Mark Doliner wrote:
> > I think the vulnerability is valid, but I think our fix needs to make sure
> > we're not wrapping back to 0.
> Any idea on the right way to do that?

Look at this:

The whole guide is quite good.

I'll see about CVE ids hopefully later today.  I've been terribly bogged
down with other things and I've not found time for this yet.  Sorry.

