Fix some issues found in review
--- a/hugo/archetypes/cve.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/archetypes/cve.md Fri Jan 31 03:56:36 2020 -0600
@@ -1,13 +1,12 @@
--- a/hugo/content/about/security/_index.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/_index.md Fri Jan 31 03:56:36 2020 -0600
@@ -17,7 +17,7 @@
## Reporting a Security-related Issue
If you believe you have discovered a security problem or vulnerability in
-Pidgin, libpurple, finch, or one of our related projects, please let us know+Pidgin, libpurple, Finch, or one of our related projects, please let us know by emailing [security@pidgin.im](mailto:security@pidgin.im).
In order to help us fix the problem as quickly as possible and with as little
@@ -31,7 +31,7 @@
tell us what you do know.
* A way to contact you or your organization.
-* The version of Pidgin, libpurple, finch, or other package in which the+* The version of Pidgin, libpurple, Finch, or other package in which the * A concise description of the problem, including a summary of why you believe
it is security-critical. This might be, for example, "Receipt of an invalid
--- a/hugo/content/about/security/advisories/cve-2004-0500-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0500-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -5,7 +5,6 @@
summary: MSN strncpy buffer overflow
discoveredBy: Sebastian Krahmer, SUSE Security Team
--- a/hugo/content/about/security/advisories/cve-2004-0754-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0754-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -3,10 +3,9 @@
date: 2004-08-26T00:00:00.000Z
summary: Groupware message receive integer overflow
-discoveredBy: Sean ("infamous42md\")+discoveredBy: Sean (infamous42md)
--- a/hugo/content/about/security/advisories/cve-2004-0784-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0784-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -5,7 +5,6 @@
summary: Smiley theme installation lack of escaping
discoveredBy: A Gaim Crazy Patch Writer
--- a/hugo/content/about/security/advisories/cve-2004-0785-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0785-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -3,9 +3,8 @@
date: 2004-08-26T00:00:00.000Z
summary: URL decode buffer overflow
-discoveredBy: Sean ("infamous42md")+discoveredBy: Sean (infamous42md)
--- a/hugo/content/about/security/advisories/cve-2004-0785-01.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0785-01.md Fri Jan 31 03:56:36 2020 -0600
@@ -3,9 +3,8 @@
date: 2004-08-26T00:00:00.000Z
summary: Local hostname resolution buffer overflow
-discoveredBy: Sean ("infamous42md")+discoveredBy: Sean (infamous42md)
@@ -13,8 +12,8 @@
-Buffer overflow. If the local computers host name is not in /etc/hosts, and-the computer performs a DNS query to obtain it's hostname when signing on to+Buffer overflow. If the local computer's host name is not in /etc/hosts, and +the computer performs a DNS query to obtain its hostname when signing on to zephyr, it could receive a reply with a hostname greater than `MAXHOSTNAMELEN`
(generally 64 bytes). If `gethostbyname()` does not ensure the size of
`hostent->h_name` is less than `MAXHOSTNAMELEN`, this value would be copied to
--- a/hugo/content/about/security/advisories/cve-2004-0785-02.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0785-02.md Fri Jan 31 03:56:36 2020 -0600
@@ -3,9 +3,8 @@
date: 2004-08-26T00:00:00.000Z
summary: RTF message buffer overflow
-discoveredBy: Sean ("infamous42md")+discoveredBy: Sean (infamous42md)
--- a/hugo/content/about/security/advisories/cve-2016-2375-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2016-2375-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -6,7 +6,6 @@
summary: Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability
discoveredBy: Yves Younan of Cisco Talos
--- a/hugo/content/about/security/advisories/cve-2017-2640-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2017-2640-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -6,7 +6,6 @@
summary: Out-of-bounds write when stripping xml
discoveredBy: Joseph Bisch
--- a/hugo/content/about/security/advisories/independent-20040826-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/independent-20040826-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -4,9 +4,8 @@
summary: Content-length DOS (malloc error)
-discoveredBy: Sean ("infamous42md")+discoveredBy: Sean (infamous42md)
--- a/hugo/content/about/security/advisories/independent-20041019-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/independent-20041019-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -6,7 +6,6 @@
summary: MSN File transfer DOS (malloc error)
--- a/hugo/content/about/security/advisories/independent-20041019-01.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/independent-20041019-01.md Fri Jan 31 03:56:36 2020 -0600
@@ -4,7 +4,6 @@
summary: MSN SLP DOS (malloc error)
--- a/hugo/content/about/security/advisories/independent-20041019-02.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/independent-20041019-02.md Fri Jan 31 03:56:36 2020 -0600
@@ -4,7 +4,6 @@
summary: MSN SLP buffer overflow
--- a/hugo/layouts/security/advisories.html Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/layouts/security/advisories.html Fri Jan 31 03:56:36 2020 -0600
@@ -3,13 +3,13 @@
{{- range .Pages.GroupByDate "2006-01-02" -}}
- <h4><a href="{{ .Permalink }}">{{ .Summary }}</a></h4>- {{- if .Param "cveNumber" }}<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name={{ .Param "cveNumber" | upper }}">{{ .Param "cveNumber" | upper }}</a></li>{{ end -}}- {{- if .Param "talosReportId" }}<li><a href="https://talosintelligence.com/vulnerability_reports/{{ .Param "talosReportId" | upper }}">{{ .Param "talosReportId" | upper }}</a></li>{{ end -}}+<h4><a href="{{ .RelPermalink }}">{{ .Param "summary" }}</a></h4> + {{- if .Param "cveNumber" }}<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name={{ .Param "cveNumber" | upper }}">{{ .Param "cveNumber" | upper }}</a></li>{{ end -}} + {{- if .Param "talosReportId" }}<li><a href="https://talosintelligence.com/vulnerability_reports/{{ .Param "talosReportId" | upper }}">{{ .Param "talosReportId" | upper }}</a></li>{{ end -}} --- a/hugo/layouts/security/cve.html Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/layouts/security/cve.html Fri Jan 31 03:56:36 2020 -0600
@@ -1,43 +1,43 @@
{{ partial "header.html" . }}
{{- if and (eq (trim (.Param "cveNumber") " ") "") (eq (trim (.Param "talosReportId") " ") "") -}}
- <p><em><b>NOTE:</b></em> This issue was not reported to a security reporting body.</p>+<p><em><b>NOTE:</b></em> This issue was not reported to a security reporting body.</p>
<td>{{ .Param "summary" }} </td>
<td>{{ .Date.Format "2006-01-02" }}</td>
-{{- if .Param "cveNumber" -}}+ {{- if .Param "cveNumber" -}}
<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name={{ .Param "cveNumber" | upper }}">{{ .Param "cveNumber" | upper }}</a></td>
-{{- if .Param "talosReportId" -}}+ {{- if .Param "talosReportId" -}} - <td>Talos Report ID</td>+ <th>Talos Report ID</th> <td><a href="https://talosintelligence.com/vulnerability_reports/{{ .Param "talosReportId" }}">{{ .Param "talosReportId" | upper }}</a></td>
<td>{{ .Param "discoveredBy" }}</td>
-{{- if .Param "fixedInRevision" -}}+ {{- if .Param "fixedInRevision" -}} - <td>Fixed In Revision</td>+ <th>Fixed In Revision</th> <td>{{ .Param "fixedInRevision" }}</td>
- <td>Fixed In Release</td>+ <th>Fixed In Release</th> <td>{{ .Param "fixedInRelease" }}</td>
@@ -46,16 +46,16 @@
-{{- with .PrevInSection -}}+ {{- with .PrevInSection -}} <a href="{{ .Permalink }}">Previous<br/>{{ .Param "summary" }}</a>
-{{- with .NextInSection -}}+ {{- with .NextInSection -}} <a href="{{ .Permalink }}">Next<br/>{{ .Param "summary" }}</a>
{{ partial "footline.html" . }}
