Possible null-pointer dereference in libpurple /protocols/yahoo/libymsg.c
John Bailey
rekkanoryo at rekkanoryo.org
Thu Feb 24 20:27:51 EST 2011
On 02/24/2011 08:16 PM, John Bailey wrote:
> In the interest of safety, I will,
> of course, investigate a fix for this.
>
> Since this is something that isn't exactly high-visibility, I'd like to propose
> that this vulnerability not be disclosed until 2011-03-10, when I plan to push
> the release of Pidgin 2.7.11 with a fix to this issue.
Attached is my proposed patch to fix this issue. Additional eyes would be welcome!
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yahoo-sms-remote-crash-fix.diff
Type: text/x-patch
Size: 1149 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20110224/b9ae4991/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20110224/b9ae4991/attachment.pgp>
More information about the security
mailing list