Wed, 22 Jan 2025 21:35:51 -0600
Updates for the 2.14.14 release
Testing Done:
Ran `npm run hugo:server` and verified the download links and changelog were displayed properly.
Reviewed at https://reviews.imfreedom.org/r/3782/
--- title: cve-2009-3083-00 date: 2009-09-03T00:00:00.000Z cveNumber: cve-2009-3083 summary: MSN partial SLP invite crash discoveredBy: blackstar in ticket #10159 and Elliott Sales de Andrade fixedInRelease: 2.6.2 type: security layout: cve hidden: true --- ### Description The MSN protocol plugin extracts some fields from an incoming SLP invite. If some of these fields do not exist in the invite message then the protocol plugin will attempt to dereference a NULL pointer and will crash. ### Mitigation Check for NULL values and handle appropriately.