Wed, 22 Jan 2025 21:35:51 -0600
Updates for the 2.14.14 release
Testing Done:
Ran `npm run hugo:server` and verified the download links and changelog were displayed properly.
Reviewed at https://reviews.imfreedom.org/r/3782/
--- title: cve-2005-0966-00 date: 2005-04-02T00:00:00.000Z cveNumber: cve-2005-0966 summary: Remote DoS on receiving certain messages over IRC discoveredBy: Jean-Yves Lefort fixedInRelease: 1.2.1 type: security layout: cve hidden: true --- ### Description The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows: 1. remote attackers to inject arbitrary Gaim markup via `irc_msg_kick`, `irc_msg_mode`, `irc_msg_part`, `irc_msg_quit`, 2. remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via `irc_msg_invite`, or 3. malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into `irc_msg_badmode`, `irc_msg_banned`, `irc_msg_unknown`, `irc_msg_nochan` functions. ### Mitigation The IRC protocol plugin was modified to escape appropriate messages passed to the Gaim core.