Add all CVEs reported in 2008
Testing Done:
Verified rendering and content with `dev-server.sh`
Bugs closed: NEST-43
Reviewed at https://reviews.imfreedom.org/r/488/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2008-2927-00.md Thu Feb 11 02:56:40 2021 -0600
@@ -0,0 +1,20 @@
+date: 2008-07-01T00:00:00.000Z +cveNumber: cve-2008-2927 +summary: MSN malformed SLP message overflow +discoveredBy: Anonymous (via TippingPoint's Zero Day Initiative) +Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in libpurple allow remote attackers to execute arbitrary code via a malformed SLP message. +The affected function has been patched to fix the vulnerability. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2008-2955-00.md Thu Feb 11 02:56:40 2021 -0600
@@ -0,0 +1,20 @@
+date: 2008-06-25T00:00:00.000Z +cveNumber: cve-2008-2955 +summary: MSN Remote file transfer filename DoS +discoveredBy: Juan Pablo Lopez Yacubian +A remote MSN user can cause a denial of service (crash) by sending a file with a file with a filename containing invalid characters. The local user must then accept the file transfer to trigger a double-free. +A fix was applied to ensure that the double-free didn't occur. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2008-2957-00.md Thu Feb 11 02:56:40 2021 -0600
@@ -0,0 +1,20 @@
+date: 2008-05-11T00:00:00.000Z +cveNumber: cve-2008-2957 +summary: Remote UPnP discovery DoS +discoveredBy: Andrew Hunt and Christian Grothoff +The UPnP functionality in libpurple allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. +UPnP related downloads are limited to 128kB. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2008-3532-00.md Thu Feb 11 02:56:40 2021 -0600
@@ -0,0 +1,20 @@
+date: 2008-07-25T00:00:00.000Z +cveNumber: cve-2008-3532 +summary: NSS TLS/SSL Certificates not validated +discoveredBy: Josh Triplett +The NSS SSL implementation in libpurple does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. +SSL/TLS Certificates are now verified in the NSS implementation in libpurple.
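Review bot: In cve-2008-2927-00.md the description reads "the msn_slplink_process_msg functions", a plural noun attached to a single function name, while the fix line says "The affected function has been patched". Use "function" in both places, or list the other affected functions by name. The fix line in the visible text also names no release, so a reader cannot tell which version to upgrade to; add it if the front matter does not already carry it.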
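Review bot: In cve-2008-2955-00.md the description repeats a phrase: "by sending a file with a file with a filename containing invalid characters". Drop the duplicate so it reads "by sending a file with a filename containing invalid characters". The fix line, "A fix was applied to ensure that the double-free didn't occur", does not say where the fix was applied; naming the affected code path, as the cve-2008-2927 entry does, would make the advisory more useful.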
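Review bot: In cve-2008-2957-00.md the fix line "UPnP related downloads are limited to 128kB" addresses only the memory or disk consumption half of the description. The description also says a UDP packet can "trigger the download of arbitrary files" from an arbitrary URL, and the entry does not say whether that is still possible after the fix. State it explicitly, and word the line as a change ("are now limited to 128kB") so it reads as the remediation, not as pre-existing behaviour.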
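Review bot: In cve-2008-3532-00.md the protocol naming is inconsistent within one entry: the summary says "TLS/SSL Certificates", the description says "SSL certificates", and the fix line says "SSL/TLS Certificates". Pick one form and lowercase "certificates" in running text. The fix line says certificates "are now verified" but not what happens on a verification failure (connection refused or user prompted), which is relevant because the description is about a user being tricked into accepting an invalid certificate.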