Wed, 22 Jan 2025 21:35:51 -0600
Updates for the 2.14.14 release
Testing Done:
Ran `npm run hugo:server` and verified the download links and changelog were displayed properly.
Reviewed at https://reviews.imfreedom.org/r/3782/
--- title: cve-2004-0891-00 date: 2004-10-19T00:00:00.000Z cveNumber: cve-2004-0891 summary: MSN SLP buffer overflow discoveredBy: Gaim fixedInRelease: 1.0.2 type: security layout: cve hidden: true --- ### Description Buffer overflow. `memcpy` was used without checking the size of the buffer before copying to it. Additionally, a logic flaw was causing the wrong buffer to be used as the destination for the copy under certain circumstances. ### Mitigation Correct the logic to select the correct buffer, and add bounds checking to prevent malformed messages causing a buffer overflow.