Summary of security stuff for 2.12.1
dequis
dx at dxzone.com.ar
Tue Oct 3 03:42:31 EDT 2017
This is what we have so far. Fun release.
General things to keep in mind:
- We need 7 CVEs I guess. I wanted prepare more consistent summaries
but I want to get this email sent asap before it's forgotten in my
drafts again. Are the ones in this email enough to request CVEs?
- We need to notify adium.
- Bugs 3 to 7 lack patches. I intend to get to it this week. Some are trivial.
- Bug 1 has a PR from months ago and I feel bad for leaving hanno
waiting like that :(
- Grim please do not review the security repo PRs in your twitch
streams thank you
The bugs:
1. "one byte buffer overread in function purple_markup_linkify"
by Hanno Böck
https://pidgin.im/cgi-bin/mailman/private/security/2017-April/001422.html
https://bitbucket.org/pidgin/security/pull-requests/19
2. "DoS against Pidgin's IRC protocol implementation"
by Shivaram Lingamneni
This one was initially reported publicly. There's no amplification,
just memory allocations of as much memory as the server sends without
newlines. I used to think it maybe didn't deserve a CVE but eh, we got
enough of the others already.
https://pidgin.im/cgi-bin/mailman/private/security/2017-September/001903.html
https://bitbucket.org/pidgin/main/pull-requests/272/fixes-to-irc-buffer-handling-replaces-256/diff
3. "Pidgin attempts to free an address which was not malloc()-ed"
by Joseph Bisch
AKA double free of irc->motd
https://pidgin.im/cgi-bin/mailman/private/security/2017-September/001973.html
4. "Pidgin uaf when cancelling file select dialog after accepting DCC SEND"
by Joseph Bisch
Requires user interaction, maybe not worth a CVE?
https://pidgin.im/cgi-bin/mailman/private/security/2017-September/001981.html
5. "Libpurple irc out of bounds read in irc_nick_skip_mode"
by Joseph Bisch
https://pidgin.im/cgi-bin/mailman/private/security/2017-September/001986.html
6. "Libpurple buffer overflow write in irc_parse_ctcp"
by Joseph Bisch
(the mail subject says libpidgin, that's a typo)
https://pidgin.im/cgi-bin/mailman/private/security/2017-September/001998.html
7. "Libpurple stack overflow in g_markup_escape_text (truncated utf8??)"
by Joseph Bisch
https://pidgin.im/cgi-bin/mailman/private/security/2017-September/002019.html
More information about the security
mailing list