ZDI-CAN-338: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
mark at kingant.net
Thu Jun 26 18:13:42 EDT 2008
On Thu, 26 Jun 2008 13:51:30 -0400, Josh Bressers wrote
> On 26 June 2008, Richard Laager wrote:
> > On Thu, 2008-06-26 at 12:14 -0500, Mark Doliner wrote:
> > > I think the vulnerability is valid, but I think our fix needs to make sur=
> > e
> > > we're not wrapping back to 0.
> > Any idea on the right way to do that?
> Look at this:
> The whole guide is quite good.
> I'll see about CVE ids hopefully later today. I've been terribly bogged
> down with other things and I've not found time for this yet. Sorry.
That would be great.
More information about the Packagers