Add all cve advisories from 2014
Testing Done:
Built locally with `dev-server.sh` and verified contents of advisories added
Bugs closed: NEST-43
Reviewed at https://reviews.imfreedom.org/r/508/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2014-0020-00.md Sun Feb 14 20:01:09 2021 -0600
@@ -0,0 +1,22 @@
+date: 2014-01-28T00:00:00.000Z +cveNumber: cve-2014-0020 +summary: Remotely triggerable crash in IRC argument parsing +discoveredBy: Daniel Atallah +A malicious server or man-in-the-middle could trigger a crash in libpurple by +sending a message with fewer than expected arguments. +Verify that incoming messages contain the appropriate number of arguments before --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2014-3694-00.md Sun Feb 14 20:01:09 2021 -0600
@@ -0,0 +1,26 @@
+date: 2014-10-22T00:00:00.000Z +cveNumber: cve-2014-3694 +summary: Insufficient SSL certificate validation + An anonymous person and Jacob Appelbaum of the Tor Project, with thanks to + Moxie Marlinspike for first publishing about this type of vulnerability +Both of libpurple's bundled SSL/TLS plugins (one for GnuTLS and one for NSS) +failed to check that the Basic Constraints extension allowed intermediate +certificates to act as CAs. This allowed anyone with any valid certificate to +create a fake certificate for any arbitrary domain and Pidgin would trust it. +Both bundled plugins were changed to check the Basic Constraints extension on +all intermediate CA certificates. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2014-3695-00.md Sun Feb 14 20:01:09 2021 -0600
@@ -0,0 +1,22 @@
+date: 2014-10-22T00:00:00.000Z +cveNumber: cve-2014-3695 +summary: Remote crash parsing malformed MXit emoticon +discoveredBy: Yves Younan and Richard Johnson of Cisco Talos +A malicious server or man-in-the-middle could trigger a crash in libpurple by +sending an emoticon with an overly large length value. +Verify that the length value is valid before attempting to read data from the --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2014-3696-00.md Sun Feb 14 20:01:09 2021 -0600
@@ -0,0 +1,22 @@
+date: 2014-10-22T00:00:00.000Z +cveNumber: cve-2014-3696 +summary: Remote crash parsing malformed Groupwise message +discoveredBy: Yves Younan and Richard Johnson of Cisco Talos +A malicious server or man-in-the-middle could trigger a crash in libpurple by +specifying that a large amount of memory should be allocated in many places in +Impose a maximum length when reading various types of messages. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2014-3697-00.md Sun Feb 14 20:01:09 2021 -0600
@@ -0,0 +1,22 @@
+date: 2014-10-22T00:00:00.000Z +cveNumber: cve-2014-3697 +summary: Malicious smiley themes could alter arbitrary files +discoveredBy: Yves Younan of Cisco Talos +A bug in the untar code on Windows could allow a malicious smiley theme to place +a file anywhere on the file system, or alter an existing file when installing a +smiley theme via drag and drop on Windows. +Fix the untar code to ensure all paths are relative. --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2014-3698-00.md Sun Feb 14 20:01:09 2021 -0600
@@ -0,0 +1,23 @@
+date: 2014-10-22T00:00:00.000Z +cveNumber: cve-2014-3698 +summary: Potential information leak from XMPP +discoveredBy: Thijs Alkemade and Paul Aurich +A malicious server and possibly even a malicious remote user could create a +carefully crafted XMPP message that causes libpurple to send an XMPP message +containing arbitrary memory. +Correctly determine the start and end position of buffers when performing
