purple_util_fetch_url vulnerability

Mark Doliner mark at kingant.net
Tue Jan 14 02:15:25 EST 2014

Thanks for fixing this one, too! I added another line to ChangeLog for
it, and I'll request a CVE along with the others.

In your last email you had mentioned that you were planning to specify
the max fetch size for various places in the code. Just wanted to
mention it in case you still want to do it. It doesn't seem critical
to me, at least not in 2.x.y.

More information about the security mailing list