Msn Icon DOS on 2.6.5

Ethan Blanton elb at
Thu Feb 18 19:44:45 EST 2010

John Bailey spake unto us the following wisdom:
> On 02/18/2010 01:24 AM, Elliott Sales de Andrade wrote:
> > I can confirm this crash. I have attached a patch that fixes this issue.
> > 
> > I also checked other uses of msn_message_get_bin_data and they appear to
> > be fine.
> Is this really something we should consider low severity?  If not, we should
> probably ctry to do a minimal 2.6.7 soon that contains only this and other very
> important bug fixes--with no string changes allowed.  Either way, everyone
> agreeing on a public disclosure date would be a good idea.

My understanding (correct me if I'm wrong) is that this is certainly
not an exploitable bug, as the only possible invalid access is NULL.
That being the case, I don't know that we need to push a 2.6.7
immediately, but I do think we should look to release sooner, rather
than later.


The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <>

More information about the security mailing list