Msn Icon DOS on 2.6.5
Ethan Blanton
elb at pidgin.im
Thu Feb 18 19:44:45 EST 2010
John Bailey spake unto us the following wisdom:
> On 02/18/2010 01:24 AM, Elliott Sales de Andrade wrote:
> > I can confirm this crash. I have attached a patch that fixes this issue.
> >
> > I also checked other uses of msn_message_get_bin_data and they appear to
> > be fine.
>
> Is this really something we should consider low severity? If not, we should
> probably ctry to do a minimal 2.6.7 soon that contains only this and other very
> important bug fixes--with no string changes allowed. Either way, everyone
> agreeing on a public disclosure date would be a good idea.
My understanding (correct me if I'm wrong) is that this is certainly
not an exploitable bug, as the only possible invalid access is NULL.
That being the case, I don't know that we need to push a 2.6.7
immediately, but I do think we should look to release sooner, rather
than later.
Ethan
--
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100218/0d4a92f8/attachment.pgp>
More information about the security
mailing list