pidgin/nest

Update the changelog for the 2.14.7 release
default tip
6 days ago, Gary Kramlich
d040bee36d7c
Update the changelog for the 2.14.7 release

Testing Done:
None

Reviewed at https://reviews.imfreedom.org/r/928/
---
title: cve-2005-0966-00
date: 2005-04-02T00:00:00.000Z
cveNumber: cve-2005-0966
summary: Remote DoS on receiving certain messages over IRC
discoveredBy: Jean-Yves Lefort
fixedInRelease: 1.2.1
type: security
layout: cve
hidden: true
---
### Description
The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows:
1. remote attackers to inject arbitrary Gaim markup via `irc_msg_kick`,
`irc_msg_mode`, `irc_msg_part`, `irc_msg_quit`,
2. remote attackers to inject arbitrary Pango markup and pop up empty dialog
boxes via `irc_msg_invite`, or
3. malicious IRC servers to cause a denial of service (application crash) by
injecting certain Pango markup into `irc_msg_badmode`, `irc_msg_banned`,
`irc_msg_unknown`, `irc_msg_nochan` functions.
### Mitigation
The IRC protocol plugin was modified to escape appropriate messages passed to
the Gaim core.