pidgin/nest

Update the changelog for the 2.14.7 release
default tip
8 days ago, Gary Kramlich
d040bee36d7c
Update the changelog for the 2.14.7 release

Testing Done:
None

Reviewed at https://reviews.imfreedom.org/r/928/
---
title: cve-2006-4996-00
date: 2007-09-27T00:00:00.000Z
cveNumber: cve-2007-4996
summary: MSN Remote "Nudge" DoS
discoveredBy: Evan Schoenberg
fixedInRelease: 2.2.1
type: security
layout: cve
hidden: true
---
### Description
A remote MSN user that is not on the buddy list can cause a denial of service
(crash) by sending a nudge message. The protocol plugin attempts to look up the
buddy's information and accesses an invalid memory location if the user is not
on the buddy list. This only affects libpurple version 2.2.0, older versions
are not affected.
### Mitigation
The nudge functionality in the MSN protocol has been rewritten to avoid an
unnecessary lookup of buddy information.