[Gaim-commits] CVS: web/htdocs/security index.php,1.17,1.18

[Mark D. <the...@us...>]

Update of /cvsroot/gaim/web/htdocs/security
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8473/htdocs/security

Modified Files:
	index.php 
Log Message:
If anyone thinks they can improve the text on the security page, please
do sew... just like the people of Santa Poco!


Index: index.php
===================================================================
RCS file: /cvsroot/gaim/web/htdocs/security/index.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -p -r1.17 -r1.18
--- index.php	11 May 2005 05:12:31 -0000	1.17
+++ index.php	10 Jun 2005 04:58:52 -0000	1.18
@@ -181,6 +181,26 @@ $vulnerabilities = array(
 		"fix"          => "Check for NULL before attempting to use the pointer.",
 		"fixedversion" => "1.3.0",
 		"discoveredby" => "Siebe Tolsma"
+	),
+	array(
+		"title"        => "Remote Yahoo! crash",
+		"date"         => "10 June 2005",
+		"cve"          => "CAN-2005-1269",
+		"summary"      => "Remote denial of service on Yahoo!",
+		"description"  => "Remove denial of service when being offered files with names containing non-ASCII characters.",
+		"fix"          => "Attempt to convert the file name to a usable encoding, or fail gracefully in the case of an invalid file name.",
+		"fixedversion" => "1.3.1",
+		"discoveredby" => "Jacopo Ottaviani"
+	),
+	array(
+		"title"        => "MSN Remote DoS",
+		"date"         => "10 June 2005",
+		"cve"          => "CAN-2005-1934",
+		"summary"      => "Certain malformed MSN messages can cause gaim to crash",
+		"description"  => "Remote attackers can cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.",
+		"fix"          => "Added a check for the invalid message.",
+		"fixedversion" => "1.3.1",
+		"discoveredby" => "Hugo de Bokkenrijder"
 	)
 );
 /*	Template for the unfortunate future