pidgin/nest

Add all CVEs reported in 2007

2021-02-11, Sorvival
51c0051875fd
Parents 34e168c9c4b4
Children 4c756e9ef73b
Add all CVEs reported in 2007

Testing Done:
Verified correct rendering and content with `dev-server.sh`

Bugs closed: NEST-43

Reviewed at https://reviews.imfreedom.org/r/487/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2007-4996-00.md Thu Feb 11 02:56:00 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2006-4996-00
+date: 2007-09-27T00:00:00.000Z
+cveNumber: cve-2007-4996
+summary: MSN Remote "Nudge" DoS
+discoveredBy: Evan Schoenberg
+fixedInRelease: 2.2.1
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A remote MSN user that is not on the buddy list can cause a denial of service (crash) by sending a nudge message. The protocol plugin attempts to look up the buddy's information and accesses an invalid memory location if the user is not on the buddy list. This only affects libpurple version 2.2.0, older versions are not affected.
+
+### Mitigation
+
+The nudge functionality in the MSN protocol has been rewritten to avoid an unnecessary lookup of buddy information.
+
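Review bot: The front-matter line `title: cve-2006-4996-00` carries the wrong year; the file name is `cve-2007-4996-00.md` and the same block has `cveNumber: cve-2007-4996`, so the title should read `cve-2007-4996-00`. If the site builds links or listings from `title`, the advisory would show up under an identifier that does not match its CVE. The other new file in this commit uses a title that matches its file name, which is the pattern to follow here.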
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2007-4999-00.md Thu Feb 11 02:56:00 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2007-4999-00
+date: 2007-10-24T00:00:00.000Z
+cveNumber: cve-2007-4999
+summary: NULL pointer dereference in parsing invalid HTML
+discoveredBy: Jeffrey Rosen
+fixedInRelease: 2.2.2
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A remote user can cause a denial of service (crash) by sending a message with invalid HTML. It is believed that this crash can be triggered only when using HTML logging.
+
+### Mitigation
+
+The affected function has been patched to fix the vulnerability.
+
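Review bot: The Mitigation text, "The affected function has been patched to fix the vulnerability.", names neither the function nor what a user should do, so a reader has to infer the fix from `fixedInRelease: 2.2.2` in the front matter. Suggest stating in the Mitigation section that the fix shipped in 2.2.2 and, if the function name is known, naming it. The Description says the crash is believed to be reachable only with HTML logging; it would also help to say whether that belief was ever confirmed, since readers may otherwise treat it as a hard limit on exposure.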