Remote crashes being fixed in 2.6.2
Warren Togami
wtogami at redhat.com
Thu Sep 3 12:33:12 EDT 2009
On 09/03/2009 11:53 AM, Paul Aurich wrote:
> Per Warren's request, this is a list of remote crashes being fixed in
> 2.6.2. The XMPP crash, at the least, probably impacts everything back to
> and including 2.5.2 (when that support was added). I don't know about
> the others.
>
> * XMPP crash when receiving a message with a custom smiley from a client
> that doesn't actually support custom smileys.
> http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8
>
> * MSN #10159 - Crash from users of the KMess 2.1dev client.
> * MSN #10048.
They want to know if these are only exploitable by people on your buddy
list by default?
> * An IRC NULL pointer dereference crash posted to the devel at pidgin.im
> mailing list. http://pidgin.im/pipermail/devel/2009-September/008850.html
>
CVE-2009-2703 has been assigned for the IRC issue.
https://bugzilla.redhat.com/show_bug.cgi?id=519224
CVE-2009-3026 pidgin: ignores SSL/TLS requirements with old jabber
servers (edit)
Already fixed in 2.6.0. But if we try to put together a 2.5.10 security
only release we would need to include this as well.
Warren Togami
wtogami at redhat.com
Warren
More information about the Packagers
mailing list