pidgin/nest

Update the changelog for the 2.14.7 release
default tip
6 days ago, Gary Kramlich
d040bee36d7c
Update the changelog for the 2.14.7 release

Testing Done:
None

Reviewed at https://reviews.imfreedom.org/r/928/
---
title: cve-2009-2694-00
date: 2009-08-18T00:00:00.000Z
cveNumber: cve-2009-2694
summary: MSN overflow parsing SLP messages
discoveredBy: Core Security Technologies
fixedInRelease: 2.5.9
type: security
layout: cve
hidden: true
---
### Description
By sending two consecutive specially crafted SLP messages it is possible to
trigger an memcpy to an invalid location in memory. This affects all versions of
libpurple and Gaim released in the past few years.
### Mitigation
Correctly destroy outgoing SLP ACK messages after they are sent, and ensure a
buffer has been allocated within the SLP data structure before attempting to
write to it.