HGKeeper

Fix the date on the 2023 Q3 state of the bird
default tip
3 weeks ago, Gary Kramlich

4a261d8e9db1

Fix the date on the 2023 Q3 state of the bird

Testing Done:
Eyeball tests.

Reviewed at https://reviews.imfreedom.org/r/2791/

---

title: cve-2005-0966-00

date: 2005-04-02T00:00:00.000Z

cveNumber: cve-2005-0966

summary: Remote DoS on receiving certain messages over IRC

discoveredBy: Jean-Yves Lefort

fixedInRelease: 1.2.1

type: security

layout: cve

hidden: true

---

### Description

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows:

1. remote attackers to inject arbitrary Gaim markup via `irc_msg_kick`,

`irc_msg_mode`, `irc_msg_part`, `irc_msg_quit`,

2. remote attackers to inject arbitrary Pango markup and pop up empty dialog

boxes via `irc_msg_invite`, or

3. malicious IRC servers to cause a denial of service (application crash) by

injecting certain Pango markup into `irc_msg_badmode`, `irc_msg_banned`,

`irc_msg_unknown`, `irc_msg_nochan` functions.

### Mitigation

The IRC protocol plugin was modified to escape appropriate messages passed to

the Gaim core.