hugo/content/about/security/advisories/cve-2010-0420-00.md

Fri, 12 Jul 2024 00:14:47 -0500

author: Gary Kramlich <grim@reaperworld.com>
date: Fri, 12 Jul 2024 00:14:47 -0500
changeset: 538:24fe83c549b1
parent: 397:56acee7044a0
permissions: -rw-r--r--

Sort the plugins list by the heading attribute

Previously we depended on the sorting of the json file, but that's difficult
and error prone considering that we can just let hugo do it.

Testing Done:
Ran the site locally and verified that the sorting worked.

Reviewed at https://reviews.imfreedom.org/r/3279/

---
title: cve-2010-0420-00
date: 2010-02-18T00:00:00.000Z
cveNumber: cve-2010-0420
summary: Finch XMPP MUC crash
discoveredBy: Sadrul Habib Chowdhury
fixedInRelease: 2.6.6
type: security
layout: cve
hidden: true
---

### Description

If a user in a multi-user chat room has a nickname containing `<br>`, then
libpurple ends up having two users with username ' ' in the room, and Finch
crashes in this situation. We do not believe there is a possibility of remote
code execution.

### Mitigation

Correctly parse `<br>` so that it appears literally rather than as ' '.
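The collision described above and the literal handling that avoids it, as an added example (not libpurple or Finch code). The helper names, the 64-byte key buffers and the use of entity escaping to keep `<br>` literal are assumptions made for illustration; the sample nicknames are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Failure mode (hypothetical helper): "<br>" in a nickname is treated as
 * markup and collapsed to a space, so distinct nicknames can become equal. */
static void nick_lossy(const char *nick, char *out, size_t cap) {
    size_t o = 0;
    if (cap == 0) return;
    while (*nick && o + 1 < cap) {
        if (strncmp(nick, "<br>", 4) == 0) { out[o++] = ' '; nick += 4; }
        else out[o++] = *nick++;
    }
    out[o] = '\0';
}

/* Mitigation (hypothetical helper): escape markup metacharacters so the
 * nickname renders literally. Returns 0 on success, -1 if out is too small. */
static int nick_escape(const char *nick, char *out, size_t cap) {
    size_t o = 0;
    if (cap == 0) return -1;
    for (; *nick; nick++) {
        char one[2] = { *nick, '\0' };
        const char *rep = *nick == '<' ? "&lt;" : *nick == '>' ? "&gt;"
                        : *nick == '&' ? "&amp;" : one;
        size_t n = strlen(rep);
        if (o + n >= cap) return -1;   /* refuse to truncate a roster key */
        memcpy(out + o, rep, n); o += n;
    }
    out[o] = '\0';
    return 0;
}

/* 1 if both nicknames map to the same roster key, 0 if not,
 * -1 if a nickname is too long to escape into the key buffer. */
static int keys_collide(const char *a, const char *b, int escape) {
    char ka[64], kb[64];
    if (escape && (nick_escape(a, ka, sizeof ka) || nick_escape(b, kb, sizeof kb)))
        return -1;
    if (!escape) { nick_lossy(a, ka, sizeof ka); nick_lossy(b, kb, sizeof kb); }
    return strcmp(ka, kb) == 0;
}

int main(void) {
    /* Constructed sample nicknames: "<br>" and a single space. */
    printf("lossy=%d escaped=%d\n", keys_collide("<br>", " ", 0), keys_collide("<br>", " ", 1));
    return 0;
}
```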
