From: Mark D. <the...@us...> - 2005-02-18 05:33:19
Update of /cvsroot/gaim/web/htdocs/security In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30646/htdocs/security Modified Files: index.php Log Message: Moogaly Boogaly
Index: index.php
===================================================================
RCS file: /cvsroot/gaim/web/htdocs/security/index.php,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -p -r1.7 -r1.8
--- index.php 15 Jan 2005 00:47:35 -0000 1.7
+++ index.php 18 Feb 2005 05:33:10 -0000 1.8
@@ -101,6 +101,24 @@ $vulnerabilities = array(
 "fix" => "Correct the logic to select the correct buffer, and add bounds checking to prevent malformed messages causing a buffer overflow.",
 "fixedversion" => "1.0.2",
 "discoveredby" => "Gaim"
+ ),
+ array(
+ "title" => "AIM/ICQ remote denial of service",
+ "date" => "17 February 2005",
+ "summary" => "Client freezes when receiving certain invalid messages",
+ "description" => "Certain malformed SNAC packets sent by other AIM or ICQ users can trigger an infinite loop in Gaim when parsing the SNAC. The remote user would need a custom client, able to generate malformed SNACs.",
+ "fix" => "The OSCAR protocol plugin was modified to drop these malformed packets.",
+ "fixedversion" => "1.1.3",
+ "discoveredby" => "anonymous"
+ ),
+ array(
+ "title" => "Remote DoS on receiving malformed HTML",
+ "date" => "17 February 2005",
+ "summary" => "Client crashes when receiving specific malformed HTML",
+ "description" => "Remote crash. Receiving malformed HTML can result in an invalid memory access causing Gaim to crash.",
+ "fix" => "The OSCAR protocol plugin was modified to drop these malformed packets.",
+ "fixedversion" => "1.1.3",
+ "discoveredby" => "Gaim"
 )
 );
 /* Template for the unfortunate future
|
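Review bot: The `"fix"` value of the second added entry ("Remote DoS on receiving malformed HTML") is word-for-word the same as the AIM/ICQ entry's, `"The OSCAR protocol plugin was modified to drop these malformed packets."`, while its description is about malformed HTML causing an invalid memory access rather than SNAC packets, so it looks like a copy-paste leftover. An advisory whose fix text describes a different bug leaves readers unable to tell what actually changed in 1.1.3 or whether a distribution backport covers it; I would replace the line with something like `"fix" => "<one sentence describing the HTML parsing change>",`, with the wording supplied by whoever made the fix. The same entry's description also does not say which protocols or message paths deliver the HTML, which the AIM/ICQ entry does state for its bug. The `$vulnerabilities` array begins and ends outside this hunk, so any fields the other entries carry beyond these seven are not visible here.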