pidgin/nest

Add all cve advisories from 2010

7 months ago, Sorvival
56acee7044a0
Parents b4241824a900
Children be3fd81e6f2b
Add all cve advisories from 2010

Testing Done:
Built locally with `dev-server.sh` and verified contents of advisories added

Bugs closed: NEST-43

Reviewed at https://reviews.imfreedom.org/r/512/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2010-0013-00.md Sat Feb 13 20:12:24 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2010-0013-00
+date: 2010-01-08T00:00:00.000Z
+cveNumber: cve-2010-0013
+summary: MSN file download vulnerability
+discoveredBy: Fabian Yamaguchi
+fixedInRelease: 2.6.5
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+The MSN protocol plugin extracts the filename of a custom emoticon from an
+incoming request and uploads that file without correlating the filename to a
+valid custom emoticon.
+
+### Mitigation
+
+Validate the custom emoticon requested is valid before uploading its file data.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2010-0277-00.md Sat Feb 13 20:12:24 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2010-0277-00
+date: 2010-02-18T00:00:00.000Z
+cveNumber: cve-2010-0277
+summary: MSN malformed SLP message crash
+discoveredBy: Fabian Yamaguchi
+fixedInRelease: 2.6.6
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Certain malformed SLP messages can trigger a crash because the MSN protocol
+plugin fails to check that all pieces of the message are set correctly.
+
+### Mitigation
+
+Validate input before attempting to handle the message.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000