Possible null pointer dereference in msn httpconn.c
John Bailey
rekkanoryo at rekkanoryo.org
Fri Mar 25 08:29:46 EDT 2011
On 03/22/2011 08:26 PM, Marius Wachtler wrote:
<snip>
> This is will crash at least on my linux machine.
>
> I think this can only be triggered by a malicious server therefore
> this should not have big consequences.
>
> -- Marius Wachtler
Hello again, Marius.
Thanks for this report. I'm sorry no one's gotten back to you about this yet.
I will definitely keep it on my radar for the upcoming 2.8.0 release. The
release is still about a month away, as this is a larger API-adding and possibly
feature-adding release. (The release is scheduled for April 23 or April 30,
depending on how many strings translators have to deal with.) Since this does
seem to be a less severe vulnerability, I feel comfortable holding a fix until
then, unless something more severe comes up necessitating a quick 2.7.12.
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20110325/6aa56ed1/attachment.pgp>
More information about the security
mailing list