Add all CVE advisories from 2009
Testing Done:
Built locally with `dev-server.sh` and verified contents of advisories added
Bugs closed: NEST-43
Reviewed at https://reviews.imfreedom.org/r/513/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-1373-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,21 @@
+date: 2009-05-02T00:00:00.000Z +cveNumber: cve-2009-1373 +summary: XMPP file transfer buffer overflow +The XMPP SOCKS5 bytestream server was not correctly checking the bounds of a +buffer when initiating an outgoing file transfer. +The affected function has been patched to fix the vulnerability. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-1374-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,22 @@
+date: 2009-05-03T00:00:00.000Z +cveNumber: cve-2009-1374 +discoveredBy: Ka-Hing Cheung +`decrypt_out()` always writes 8 bytes past the supplied buffer, which is always +allocated on the stack. We don't believe this can cause anything outside of a +`decrypt_out()` is fixed to not write past the end of the buffer. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-1375-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,22 @@
+date: 2009-03-20T00:00:00.000Z +cveNumber: cve-2009-1375 +summary: Remote DoS in multiple protocols +discoveredBy: Josef Andrysek +A buffer maintained by `PurpleCircBuffer` may be corrupted if it's exactly full +and then more bytes are added to it, leading to a crash. This structure is used +by the XMPP and Sametime protocol plugins. +PurpleCircBuffer now correctly checks bounds. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-1376-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,23 @@
+date: 2009-05-02T00:00:00.000Z +cveNumber: cve-2009-1376 +summary: MSN malformed SLP message overflow +discoveredBy: Loc VALBON (via TippingPoint's Zero Day Initiative) +The previous fix to [CVE-2008-2927]({{< ref "cve-2008-2927-00" >}}) was deemed +incomplete. The size check improperly cast an `uint64` to `size_t` which can +cause an integer overflow, rendering the check useless. +The proper variable type is now used when doing size comparison. Additionally, +the malformed message is now properly discarded. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-1889-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,23 @@
+date: 2009-05-28T00:00:00.000Z +cveNumber: cve-2009-1889 +summary: ICQ parser excessive memory allocation +discoveredBy: Yuriy Kaminskiy +The ICQ prpl would misparse an incoming ICQ Web Message as an SMS message in +certain circumstances, leading to an excessively large allocation. +Yuriy's patch corrected the misparsing of such ICQ web messages so they are no +longer treated as SMS messages and added validation to avoid unnecessary memory --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-2694-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,24 @@
+date: 2009-08-18T00:00:00.000Z +cveNumber: cve-2009-2694 +summary: MSN overflow parsing SLP messages +discoveredBy: Core Security Technologies +By sending two consecutive specially crafted SLP messages it is possible to +trigger an memcpy to an invalid location in memory. This affects all versions of +libpurple and Gaim released in the past few years. +Correctly destroy outgoing SLP ACK messages after they are sent, and ensure a +buffer has been allocated within the SLP data structure before attempting to --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-2703-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,21 @@
+date: 2009-09-03T00:00:00.000Z +cveNumber: cve-2009-2703 +summary: IRC crash from malicious server +discoveredBy: Cristofaro Mune +A specially crafted IRC TOPIC message can trigger a NULL pointer dereference in +the IRC protocol plugin's code for handling IRC topics. +Correctly ignore invalid TOPIC messages sent from the server. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-3025-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,22 @@
+date: 2009-08-22T00:00:00.000Z +cveNumber: cve-2009-3025 +summary: Yahoo IM parsing crash +Possibly depending on the architecture and/or flags used to compile libpurple, +the Yahoo protocol plugin may crash when receiving an IM from any user which +contains a URL. The only vulnerable version of libpurple is 2.6.0. +Correctly parse URLs in incoming Yahoo messages. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-3026-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,23 @@
+date: 2009-09-03T00:00:00.000Z +cveNumber: cve-2009-3026 +summary: XMPP may not enforce TLS +discoveredBy: bugdave in ticket #8131 and Paul Aurich +The XMPP protocol plugin can be tricked into establishing an insecure connection +by a malicious man in the middle by causing libpurple to use the older IQ-based +login and then not offering TLS/SSL. The "require TLS/SSL" option was introduced +Respect the "require TLS/SSL" preference for this type of connection. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-3083-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,22 @@
+date: 2009-09-03T00:00:00.000Z +cveNumber: cve-2009-3083 +summary: MSN partial SLP invite crash +discoveredBy: blackstar in ticket #10159 and Elliott Sales de Andrade +The MSN protocol plugin extracts some fields from an incoming SLP invite. If +some of these fields do not exist in the invite message then the protocol plugin +will attempt to dereference a NULL pointer and will crash. +Check for NULL values and handle appropriately. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-3084-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,23 @@
+date: 2009-09-03T00:00:00.000Z +cveNumber: cve-2009-3084 +summary: MSN handwritten message crash +discoveredBy: aly89 in ticket #10048 and Elliott Sales de Andrade +The MSN protocol plugin used an incorrect character encoding when attempting to +convert handwritten messages from one encoding to another. This caused the +conversion to fail. This failure combined with an uninitialized variable can +trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1. +Use the correct character set name and initialize error to NULL. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-3085-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,22 @@
+date: 2009-09-03T00:00:00.000Z +cveNumber: cve-2009-3085 +summary: XMPP custom smiley parsing bug +discoveredBy: Florob, Waqas, Paul Aurich and Marcus Lundblad +The XMPP protocol plugin can crash when attempting to process an error response +as a custom smiley. libpurple 2.5.2 through 2.6.1 are vulnerable. Older versions +may be vulnerable as well. +Handle error iq responses appropriately. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2009-3615-00.md Sun Feb 14 20:02:01 2021 -0600
@@ -0,0 +1,22 @@
+date: 2009-10-16T00:00:00.000Z +cveNumber: cve-2009-3615 +summary: ICQ and maybe AIM remote crash +discoveredBy: nightwing666 in ticket #10481 +A specially crafted message can trigger an incorrect memory access in the oscar +protocol plugin which can lead to a crash. This happens when the SIM IM client +attempts to send contacts to a libpurple user. +Check for the correct number of fields before attempting to dereference memory.
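Review bot: In cve-2009-1375-00.md the fix line writes PurpleCircBuffer bare, while the description just above it uses `PurpleCircBuffer` in backticks. Use the backticked form in both places so the identifier renders consistently.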
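Review bot: In cve-2009-1376-00.md, "improperly cast an `uint64` to `size_t` which can cause an integer overflow" describes a narrowing cast, so on platforms where `size_t` is narrower than 64 bits the failure is truncation of the value rather than an overflow. Consider "cast a `uint64` to `size_t`, which can truncate the value", which also fixes "an `uint64`". Separately, please confirm that the discoveredBy name "Loc VALBON" is spelled as intended and has not lost a non-ASCII character in the conversion.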
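Review bot: In cve-2009-2694-00.md, "released in the past few years" is relative to the 2009 publication date and reads ambiguously on a page added in 2021; name the affected version range if it is known, or anchor the phrase to the advisory date. On the line before it, "trigger an memcpy" should be "trigger a `memcpy`".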
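Review bot: In cve-2009-3026-00.md the value "discoveredBy: bugdave in ticket #8131 and Paul Aurich" is unquoted, and if this front matter is YAML (as the key: value lines suggest) a "#" preceded by a space starts a comment, so the field would parse as "bugdave in ticket" and drop the ticket number and the second name. Wrap the value in double quotes. The same pattern appears in the discoveredBy lines of cve-2009-3083-00.md (#10159), cve-2009-3084-00.md (#10048) and cve-2009-3615-00.md (#10481); the Testing Done note should confirm the rendered credit lines for these four pages.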
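Review bot: In cve-2009-3084-00.md the fix line "Use the correct character set name and initialize error to NULL." refers to a variable named error without marking it as code, so it reads as ordinary prose. Write it as `error` and `NULL`, matching how identifiers such as `decrypt_out()` are formatted in the other advisories.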