Denial of Service Vulnerabilities

Daniel Atallah daniel.atallah at gmail.com
Sat Mar 2 13:19:22 EST 2013


On Mon, Feb 25, 2013 at 9:14 AM, Fabian Yamaguchi
<fabian.yamaguchi at cs.uni-goettingen.de> wrote:
> Hi Pidgin Security Team,
>
> we would like to report some denial of service vulnerabilities we
> found during our research on automatically identifying missing checks
> in source code. Two of these crashes can be triggered by another user.

<SNIP>

I've attached patches to address the MSN issues (1, 3, 4).
I did notice and correct some additional similar issues in
msn_fault_handling.patch.

I passed on the mxit (5) issue to the mxit guys (you should have seen
a message about that), and my understanding is that Thijs will be
coming up with a patch for the xmpp issue (2).

-D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: msn_msg_header_parse.patch
Type: application/octet-stream
Size: 1519 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130302/ab60e52e/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: msn_oim_mail_count.patch
Type: application/octet-stream
Size: 847 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130302/ab60e52e/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: msn_fault_handling.patch
Type: application/octet-stream
Size: 3885 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130302/ab60e52e/attachment-0002.obj>

