Various buffer overruns in coverity scan
John Bailey
rekkanoryo at rekkanoryo.org
Thu Oct 18 21:14:43 EDT 2012
On 10/18/2012 04:48 PM, Daniel Atallah wrote:
> I've noticed a couple buffer overruns, the most serious being CID
> 732103, which I believe can be triggered by a malicious user with an
> AIM direct connect session.
>
> There are also some significant issues with the mxit prpl's http handling.
>
> Would we get separate CVEs for these (and anything else), or come up
> with a general 2.10.7 CVE for this class of issues?
Are they the same root cause (i.e. insufficient bounds checking, unchecked
writing into a fixed-size buffer, or something of that sort), or are they
different? If the causes are different, we should get a CVE for each cause.
John