pidgin/nest

Update the changelog for the 2.14.7 release
default tip
6 days ago, Gary Kramlich
d040bee36d7c
Update the changelog for the 2.14.7 release

Testing Done:
None

Reviewed at https://reviews.imfreedom.org/r/928/
---
title: cve-2010-3711-00
date: 2010-10-20T00:00:00.000Z
cveNumber: cve-2010-3711
summary: Multiple remotely-triggered denials of service
discoveredBy: Daniel Atallah
fixedInRelease: 2.7.4
type: security
layout: cve
hidden: true
---
### Description
It has been discovered that eight denial of service conditions exist in
libpurple all due to insufficient validation of the return value from
`purple_base64_decode()`. Invalid or malformed data received in place of a valid
base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP
protocol plugins and the NTLM authentication support trigger a crash. These
vulnerabilities can be leveraged by a remote user for denial of service.
### Mitigation
Check the return value from `purple_base64_decode()` before trying to use it.