--- a/ChangeLog Mon Feb 11 01:09:30 2013 -0800
+++ b/ChangeLog Mon Feb 11 01:11:47 2013 -0800
@@ -55,6 +55,10 @@
* Increase the maximum file size that can be transferred to 1 MB.
* When setting an avatar image, no longer downscale it to 96x96.
+ * Fix a crash in Sametime when a malicious server sends us an abnormally
+ long user ID. (CVE-2013-0273)
 * Fix a double-free in profile/picture loading code. (Mihai Serban)
--- a/libpurple/protocols/sametime/sametime.c Mon Feb 11 01:09:30 2013 -0800
+++ b/libpurple/protocols/sametime/sametime.c Mon Feb 11 01:11:47 2013 -0800
@@ -4977,7 +4977,7 @@
static char buf[BUF_LEN];
- strncpy(buf, id, sizeof(buf));
+ g_strlcpy(buf, id, sizeof(buf));
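Review bot: The added `g_strlcpy(buf, id, sizeof(buf));` discards its return value, so an over-long `id` is silently cut to `BUF_LEN - 1` bytes and the code carries on with a shortened user ID. `g_strlcpy` returns the length of the source string, so truncation can be detected with `if (g_strlcpy(buf, id, sizeof(buf)) >= sizeof(buf))` and the ID rejected or logged at that point. The ChangeLog entry says the long ID comes from a malicious server, so treating a truncated value as a valid ID seems worth avoiding; the right failure path depends on the rest of the function, which starts and ends outside this hunk. A short comment such as `/* id is server-controlled; g_strlcpy always NUL-terminates, strncpy did not */` would also record why the call was changed.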