[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]

Tomas Hoger thoger at redhat.com
Thu Aug 13 08:28:48 EDT 2009

On Wed, 12 Aug 2009 17:38:51 -0700 Mark Doliner <mark at kingant.net> wrote:

> Yeah, this seems like it would be a complete absolute fix for this
> problem.  How does an slpmsg get to a point where size is set to some
> large value but buffer is NULL?

Probably better to ask "why" rather than "how".  For the how part, size
gets copied from the original messages to the ack message in
msn_slplink_send_ack().  I don't dare to comment on the why part though.

Tomas Hoger
