hugo/content/about/security/advisories/cve-2008-2927-00.md

Fri, 12 Jul 2024 00:14:47 -0500

author
Gary Kramlich <grim@reaperworld.com>
date
Fri, 12 Jul 2024 00:14:47 -0500
changeset 538
24fe83c549b1
parent 394
c83367e9b2db
permissions
-rw-r--r--

Sort the plugins list by the heading attribute

Previously we depended on the sorting of the json file, but that's difficult
and error prone considering that we can just let hugo do it.

Testing Done:
Ran the site locally and verified that the sorting worked.

Reviewed at https://reviews.imfreedom.org/r/3279/

---
title: cve-2008-2927-00
date: 2008-07-01T00:00:00.000Z
cveNumber: cve-2008-2927
summary: MSN malformed SLP message overflow
discoveredBy: Anonymous (via TippingPoint's Zero Day Initiative)
fixedInRelease: 2.4.3
type: security
layout: cve
hidden: true
---

### Description

Multiple integer overflows in the `msn_slplink_process_msg` functions in the
MSN protocol handler in libpurple allow remote attackers to execute arbitrary
code via a malformed SLP message.

### Mitigation

The affected function has been patched to fix the vulnerability.

mercurial