Update the changelog for the 2.14.7 release
default tip
6 days ago, Gary Kramlich
title: cve-2011-2485-00
date: 2011-06-23T00:00:00.000Z
cveNumber: cve-2011-2485
summary: Remote denial of service from corrupt buddy icons
discoveredBy: Mark Doliner
fixedInRelease: 2.9.0
type: security
layout: cve
hidden: true
### Description
It was found that the gdk-pixbuf GIF image loader routine
`gdk_pixbuf__gif_image_load()` did not properly handle certain return values
from its subroutines. A remote attacker could provide a specially-crafted GIF
image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially
initialized pixbuf structure. Using this structure, possibly containing a huge
width and height, could lead to the application being terminated due to
excessive memory use.
### Mitigation
Change Pidgin to look at the GError parameter in addition to the return value
when calling certain gdk-pixbuf functions.
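
The pattern behind this mitigation, as an added example that is not Pidgin's or gdk-pixbuf's code. `Image`, `LoadError` and `model_load` are assumed stand-ins for `GdkPixbuf`, `GError` and a loader call, and the byte layout of the sample inputs is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for GdkPixbuf and GError (assumed models, not the GLib types). */
typedef struct { int width, height; } Image;
typedef struct { const char *message; } LoadError;

/* Constructed inputs: 16-bit LE width, 16-bit LE height, then pixel data. */
static const unsigned char CORRUPT_ICON[] = { 0xff, 0xff, 0xff, 0xff };
static const unsigned char VALID_ICON[]   = { 2, 0, 3, 0, 0x00 };

/* Model of the flawed decoder: on a truncated stream it sets *err but still
 * returns a non-NULL image whose size fields came from untrusted bytes. */
static Image *model_load(const unsigned char *d, size_t n, LoadError **err)
{
    static LoadError corrupt = { "corrupt image data" };
    Image *img = n >= 4 ? calloc(1, sizeof *img) : NULL;
    if (img == NULL) { if (err) *err = &corrupt; return NULL; }
    img->width  = d[0] | (d[1] << 8);
    img->height = d[2] | (d[3] << 8);
    if (n < 5 && err) *err = &corrupt;   /* decode failed, object returned anyway */
    return img;
}

/* Before: trusts any non-NULL result. Returns the RGBA byte count the caller
 * would go on to allocate for the icon; 0 means the image was rejected. */
static size_t icon_bytes_unchecked(const unsigned char *d, size_t n)
{
    Image *img = model_load(d, n, NULL);
    size_t need = img ? (size_t)img->width * (size_t)img->height * 4 : 0;
    free(img);
    return need;
}

/* After: a set error rejects the image even when an object came back. */
static size_t icon_bytes_checked(const unsigned char *d, size_t n)
{
    LoadError *err = NULL;
    Image *img = model_load(d, n, &err);
    size_t need = (img && !err) ? (size_t)img->width * (size_t)img->height * 4 : 0;
    free(img);
    return need;
}

int main(void)
{
    printf("unchecked=%zu\n", icon_bytes_unchecked(CORRUPT_ICON, sizeof CORRUPT_ICON));
    printf("checked=%zu\n", icon_bytes_checked(CORRUPT_ICON, sizeof CORRUPT_ICON));
    return 0;
}
```

With the constructed corrupt input, the unchecked caller computes an allocation of roughly 17 GB from the untrusted size fields, while the checked caller rejects the image.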