question about the CVE-2014-3775 fix
Murray McAllister
mmcallis at redhat.com
Mon May 26 00:04:43 EDT 2014
Good morning,
Apologies if you were already told about this. I noticed the following
commit (linked from
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3775.html):
https://hg.pidgin.im/pidgin/main/rev/fd11790cc4d6
It appears to be missing this commit:
https://github.com/wojtekka/libgadu/commit/f45ff34dfe2edab54d6fa185e8b87246ab100bd4
I looked in pidgin-2.10.9.tar.bz2 and it was also using
"gg_fix32(pkt->rcount > 256)" instead of "gg_fix32(pkt->rcount) > 256".
Cheers,
--
Murray McAllister / Red Hat Security Response Team
More information about the security
mailing list