pidgin/nest

Add all CVEs reported in 2005

2021-02-11, Sorvival
34e168c9c4b4
Parents de31fe0d5bba
Children 51c0051875fd
Add all CVEs reported in 2005

Testing Done:
Verified correct rendering and contents with `dev-server.sh`

Bugs closed: NEST-43

Reviewed at https://reviews.imfreedom.org/r/486/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-0208-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-0208-00
+date: 2005-02-24T00:00:00.000Z
+cveNumber: cve-2005-0208
+summary: Remote DoS on receiving malformed HTML
+discoveredBy: Gaim
+fixedInRelease: 1.1.4
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Remote crash. Receiving malformed HTML can result in an invalid memory access causing Gaim to crash.
+
+### Mitigation
+
+The HTML parsing functions were modified to correctly parse the malformed HTML.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-0472-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-0472-00
+date: 2005-02-17T00:00:00.000Z
+cveNumber: cve-2005-0472
+summary: AIM/ICQ remote denial of service
+discoveredBy: Brandon Scott ("Xeon")
+fixedInRelease: 1.1.3
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Certain malformed SNAC packets sent by other AIM or ICQ users can trigger an infinite loop in Gaim when parsing the SNAC. The remote user would need a custom client, able to generate malformed SNACs.
+
+### Mitigation
+
+The OSCAR protocol plugin was modified to drop these malformed packets.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-0473-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-0473-00
+date: 2005-02-17T00:00:00.000Z
+cveNumber: cve-2004-0473
+summary: Remote DoS on receiving malformed HTML
+discoveredBy: Gaim
+fixedInRelease: 1.1.3
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Remote crash. Receiving malformed HTML can result in an invalid memory access causing Gaim to crash.
+
+### Mitigation
+
+The HTML parsing functions were modified to correctly parse the malformed HTML.
+
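Review bot: `cveNumber: cve-2004-0473` in the front matter does not match the file name or `title: cve-2005-0473-00`; it should read `cveNumber: cve-2005-0473`, otherwise any link or lookup built from this field points at the wrong CVE. The summary, Description and Mitigation text are also word-for-word the same as in cve-2005-0208-00.md, which carries a different date and `fixedInRelease`, so a sentence stating how the two issues differ would keep readers from treating them as duplicates.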
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-0965-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2005-0965-00
+date: 2005-04-02T00:00:00.000Z
+cveNumber: cve-2005-0965
+summary: Remote DoS on receiving malformed HTML
+discoveredBy: Jean-Yves Lefort
+fixedInRelease: 1.2.1
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.
+
+
+### Mitigation
+
+The function was changed to not allow the out-of-bounds read.
+
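Review bot: there are two blank lines between the Description paragraph and `### Mitigation` here, which is why this hunk is 21 lines while the other advisories are 20. Drop one so the file matches the layout of the rest.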
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-0966-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-0966-00
+date: 2005-04-02T00:00:00.000Z
+cveNumber: cve-2005-0966
+summary: Remote DoS on receiving certain messages over IRC
+discoveredBy: Jean-Yves Lefort
+fixedInRelease: 1.2.1
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
+
+### Mitigation
+
+The IRC protocol plugin was modified to escape appropriate messages passed to the Gaim core.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-0967-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-0967-00
+date: 2005-04-04T00:00:00.000Z
+cveNumber: cve-2005-0967
+summary: Jabber remote crash
+discoveredBy: Marco Alvarez
+fixedInRelease: 1.2.1
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Sending a Gaim Jabber user a certain invalid file transfer request triggers an out-of-bounds read which causes Gaim to crash.
+
+### Mitigation
+
+The invalid file transfer request is ignored.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-1261-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-1261-00
+date: 2005-05-10T00:00:00.000Z
+cveNumber: cve-2005-1261
+summary: Remote crash on some protocols
+discoveredBy: Stu Tomlinson
+fixedInRelease: 1.3.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+It is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL (greater than 8192 bytes) to the Gaim user. This is not possible on all protocols, due to message length restrictions. Jabber are SILC are known to be vulnerable.
+
+### Mitigation
+
+The URL parsing function was modified to not use a static buffer.
+
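Review bot: typo in the last sentence of the Description, "Jabber are SILC are known to be vulnerable" should read "Jabber and SILC are known to be vulnerable". As written, the sentence that names the affected protocols is hard to parse.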
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-1262-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-1262-00
+date: 2005-05-10T00:00:00.000Z
+cveNumber: cve-2005-1262
+summary: MSN Remote DoS
+discoveredBy: Siebe Tolsma
+fixedInRelease: 1.3.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Potential remote denial of service bug resulting from not checking a pointer for non-NULL before passing it to strncmp, which results in a crash. This can be triggered by a remote client sending an SLP message with an empty body.
+
+### Mitigation
+
+Check for NULL before attempting to use the pointer.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-1269-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-1269-00
+date: 2005-06-10T00:00:00.000Z
+cveNumber: cve-2005-1269
+summary: Remote Yahoo! crash
+discoveredBy: Jacopo Ottaviani
+fixedInRelease: 1.3.1
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Remove denial of service when being offered files with names containing non-ASCII characters.
+
+### Mitigation
+
+Attempt to convert the file name to a usable encoding, or fail gracefully in the case of an invalid file name.
+
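Review bot: the Description opens with "Remove denial of service", which should be "Remote denial of service". The typo changes the meaning of the sentence, and the description also never names the protocol, while the summary says "Remote Yahoo! crash"; consider mentioning Yahoo! in the body as well.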
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-1934-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-1934-00
+date: 2005-06-10T00:00:00.000Z
+cveNumber: cve-2005-1934
+summary: MSN Remote DoS
+discoveredBy: Hugo de Bokkenrijder
+fixedInRelease: 1.3.1
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Remote attackers can cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.
+
+### Mitigation
+
+Added a check for the invalid message.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-2102-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-2102-00
+date: 2005-08-11T00:00:00.000Z
+cveNumber: cve-2004-0500
+summary: AIM/ICQ non-UTF-8 filename crash
+discoveredBy: Unknown
+fixedInRelease: 1.5.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A remote user could cause Gaim to crash on some systems by sending the Gaim user a file whose filename contains certain invalid characters. It is unknown what combination of systems are affected, but it is suspected that Windows users and systems with older versions of GTK+ are especially susceptible.
+
+### Mitigation
+
+The filename is validated as UTF-8 before Gaim attemps to display it.
+
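Review bot: `cveNumber: cve-2004-0500` does not match the file name or `title: cve-2005-2102-00`; it should read `cveNumber: cve-2005-2102`. In the Mitigation sentence, "attemps" should be "attempts".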
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-2103-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-2103-00
+date: 2005-08-11T00:00:00.000Z
+cveNumber: cve-2005-2103
+summary: AIM/ICQ away message buffer overflow
+discoveredBy: Brandon Perry
+fixedInRelease: 1.5.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings (such as %t or %n).
+
+### Mitigation
+
+The substitution function was modified to use a dynamic buffer instead of one with a fixed size.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2005-2370-00.md Thu Feb 11 02:54:55 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2005-2370-00
+date: 2005-08-11T00:00:00.000Z
+cveNumber: cve-2005-2370
+summary: Gadu-Gadu memory alignment bug
+discoveredBy: Marcin Owsiany and Wojtek Kaniewski
+fixedInRelease: 1.5.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+There was a memory alignment bug in the library Gaim uses to access the Gadu-Gadu network. This bug can not be exploited on x86 architectures. This bug was recently fixed in the libgadu library, but also needed to be fixed in Gaim because Gaim includes a copy of the libgadu library.
+
+### Mitigation
+
+The vulnerable section of code was modified to work correctly on all architectures.
+