HGKeeper

Add an alias for /development/wiki/GetABacktrace to the debugging page
default tip
2 weeks ago, Gary Kramlich

1f078d295019

Add an alias for /development/wiki/GetABacktrace to the debugging page

Testing Done:
Ran `npm hugo:server` and verified that `/development/wiki/GetABacktrace` redirected to `/development/debugging'

Reviewed at https://reviews.imfreedom.org/r/3029/

---

title: cve-2013-6483-00

date: 2014-01-28T00:00:00.000Z

cveNumber: cve-2013-6483

summary: XMPP doesn't verify 'from' on some iq replies

discoveredBy: Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen

fixedInRelease: 2.10.8

type: security

layout: cve

hidden: true

---

### Description

The XMPP protocol plugin failed to ensure that iq replies came from the person

they were sent to. A remote user could send a spoofed iq reply and attempt to

guess the iq id. This could allow an attacker to inject fake data or trigger a

null pointer dereference.

### Mitigation

Keep track of the 'to' when sending an iq stanza and make sure replies for a

given stanza ID come from the same address it was sent to.

pidgin/nest