Fri, 12 Jul 2024 00:14:47 -0500

Gary Kramlich <>
Fri, 12 Jul 2024 00:14:47 -0500
changeset 538
parent 397

Sort the plugins list by the heading attribute

Previously we depended on the sorting of the json file, but that's difficult
and error prone considering that we can just let hugo do it.

Testing Done:
Ran the site locally and verified that the sorting worked.

Reviewed at

title: cve-2010-0420-00
date: 2010-02-18T00:00:00.000Z
cveNumber: cve-2010-0420
summary: Finch XMPP MUC crash
discoveredBy: Sadrul Habib Chowdhury
fixedInRelease: 2.6.6
type: security
layout: cve
hidden: true

### Description

If a user in a multi-user chat room has a nickname containing '<br>' then
libpurple ends up having two users with username ' ' in the room, and Finch
crashes in this situation. We do not believe there is a possibility of remote
code execution.

### Mitigation

Correctly parse '<br>' so that it appears literally rather than as ' '.