Fri, 30 Aug 2024 19:33:36 -0500
Update the plugins page for the new process
This includes defining the process and providing a template for a new issue to
add new plugins. I did go through and audit `No IRC /WHO` so we had at least
one validated entry.
Testing Done:
Ran `npm run hugo:server` locally and verified the page worked and checked the new links.
Bugs closed: NEST-53
Reviewed at https://reviews.imfreedom.org/r/3450/
--- title: cve-2009-2694-00 date: 2009-08-18T00:00:00.000Z cveNumber: cve-2009-2694 summary: MSN overflow parsing SLP messages discoveredBy: Core Security Technologies fixedInRelease: 2.5.9 type: security layout: cve hidden: true --- ### Description By sending two consecutive specially crafted SLP messages it is possible to trigger an memcpy to an invalid location in memory. This affects all versions of libpurple and Gaim released in the past few years. ### Mitigation Correctly destroy outgoing SLP ACK messages after they are sent, and ensure a buffer has been allocated within the SLP data structure before attempting to write to it.