From: Mark D. <the...@us...> - 2005-06-10 04:59:01
|
Update of /cvsroot/gaim/web/htdocs/security In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8473/htdocs/security Modified Files: index.php Log Message: If anyone thinks they can improve the text on the security page, please do sew... just like the people of Santa Poco! Index: index.php =================================================================== RCS file: /cvsroot/gaim/web/htdocs/security/index.php,v retrieving revision 1.17 retrieving revision 1.18 diff -u -d -p -r1.17 -r1.18 --- index.php 11 May 2005 05:12:31 -0000 1.17 +++ index.php 10 Jun 2005 04:58:52 -0000 1.18 @@ -181,6 +181,26 @@ $vulnerabilities = array( "fix" => "Check for NULL before attempting to use the pointer.", "fixedversion" => "1.3.0", "discoveredby" => "Siebe Tolsma" + ), + array( + "title" => "Remote Yahoo! crash", + "date" => "10 June 2005", + "cve" => "CAN-2005-1269", + "summary" => "Remote denial of service on Yahoo!", + "description" => "Remove denial of service when being offered files with names containing non-ASCII characters.", + "fix" => "Attempt to convert the file name to a usable encoding, or fail gracefully in the case of an invalid file name.", + "fixedversion" => "1.3.1", + "discoveredby" => "Jacopo Ottaviani" + ), + array( + "title" => "MSN Remote DoS", + "date" => "10 June 2005", + "cve" => "CAN-2005-1934", + "summary" => "Certain malformed MSN messages can cause gaim to crash", + "description" => "Remote attackers can cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.", + "fix" => "Added a check for the invalid message.", + "fixedversion" => "1.3.1", + "discoveredby" => "Hugo de Bokkenrijder" ) ); /* Template for the unfortunate future |