pidgin/nest

Update the changelog for the 2.14.7 release
default tip
6 days ago, Gary Kramlich
d040bee36d7c
Update the changelog for the 2.14.7 release

Testing Done:
None

Reviewed at https://reviews.imfreedom.org/r/928/
---
title: cve-2011-2485-00
date: 2011-06-23T00:00:00.000Z
cveNumber: cve-2011-2485
summary: Remote denial of service from corrupt buddy icons
discoveredBy: Mark Doliner
fixedInRelease: 2.9.0
type: security
layout: cve
hidden: true
---
### Description
It was found that the gdk-pixbuf GIF image loader routine
`gdk_pixbuf__gif_image_load()` did not properly handle certain return values
from its subroutines. A remote attacker could provide a specially crafted GIF
image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially
initialized pixbuf structure. Using this structure, possibly containing a huge
width and height, could lead to the application being terminated due to
excessive memory use.
### Mitigation
Change Pidgin to look at the GError parameter in addition to the return value
when calling certain gdk-pixbuf functions.
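
The check described in the mitigation, as an added example that is not Pidgin's or gdk-pixbuf's own code: a self-contained C model in which `model_load()`, `image_t`, `load_error_t` and `MAX_ICON_DIM` are hypothetical stand-ins for the gdk-pixbuf loader, `GdkPixbuf`, `GError` and a size limit. The dimension bound goes beyond the stated mitigation and is an assumption.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for GdkPixbuf and a GError out-parameter. */
typedef struct { int width, height; } image_t;
typedef struct { int set; } load_error_t;

#define MAX_ICON_DIM 4096 /* assumed sanity limit, not from the advisory */

/* Model decoder (constructed): on truncated input it reports the failure
 * through *err but still returns a non-NULL, half-filled image. */
image_t *model_load(const unsigned char *d, size_t n, load_error_t *err)
{
    image_t *img = malloc(sizeof *img);
    if (img == NULL) return NULL;
    img->width = img->height = 0x7fffffff; /* models uninitialized fields */
    if (n < 4) {
        err->set = 1;
        return img;
    }
    img->width = d[0] | (d[1] << 8);
    img->height = d[2] | (d[3] << 8);
    return img;
}

/* Pre-fix pattern: only the return value is consulted. */
image_t *load_icon_unchecked(const unsigned char *d, size_t n)
{
    load_error_t err = {0};
    return model_load(d, n, &err);
}

/* Post-fix pattern: a reported error rejects the image even when the
 * pointer is non-NULL; the dimension bound is an extra added safeguard. */
image_t *load_icon_checked(const unsigned char *d, size_t n)
{
    load_error_t err = {0};
    image_t *img = model_load(d, n, &err);
    if (img == NULL) return NULL;
    if (err.set || img->width <= 0 || img->height <= 0 ||
        img->width > MAX_ICON_DIM || img->height > MAX_ICON_DIM) {
        free(img);
        return NULL;
    }
    return img;
}
```

With the unchecked caller, the truncated input yields an image whose dimensions are garbage, which is the state the description says leads to excessive memory use; the checked caller returns `NULL` for the same bytes.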