pidgin/nest

Update the changelog for the 2.14.7 release
default tip
8 days ago, Gary Kramlich
d040bee36d7c
Update the changelog for the 2.14.7 release

Testing Done:
None

Reviewed at https://reviews.imfreedom.org/r/928/
---
title: cve-2009-3084-00
date: 2009-09-03T00:00:00.000Z
cveNumber: cve-2009-3084
summary: MSN handwritten message crash
discoveredBy: aly89 in ticket #10048 and Elliott Sales de Andrade
fixedInRelease: 2.6.2
type: security
layout: cve
hidden: true
---
### Description
The MSN protocol plugin used an incorrect character encoding when attempting to
convert handwritten messages from one encoding to another. This caused the
conversion to fail. This failure combined with an uninitialized variable can
trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1.
### Mitigation
Use the correct character set name and initialize error to NULL.