pidgin/nest

Add all cve advisories from 2013

7 months ago, Sorvival
d5c8285de7f1
Parents 0ec2c139628a
Children 50d9e50b8b86
Add all cve advisories from 2013

Testing Done:
Built locally with `dev-server.sh` and verified contents of advisories added

Bugs closed: NEST-43

Reviewed at https://reviews.imfreedom.org/r/509/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6477-00.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2013-6477-00
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6477
+summary: Crash handling bad XMPP timestamp
+discoveredBy: Jaime Breva Ribes
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A remote XMPP user can trigger a crash on some systems by sending a message with
+a timestamp in the distant future.
+
+### Mitigation
+
+Avoid passing negative timestamps to `localtime()`.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6478-00.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,25 @@
+---
+title: cve-2013-6478-00
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6478
+summary: Crash when hovering pointer over a long URL
+discoveredBy: See support mails in description
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+libX11 forcefully exits when Pidgin tries to create an exceptionally wide
+tooltip window.
+
+[support email #1](https://lists.pidgin.im/pipermail/support/2013-March/012980.html)
+
+[support email #2](https://lists.pidgin.im/pipermail/support/2013-March/012981.html)
+
+### Mitigation
+
+Only display the first 200 characters of the URL in the tooltip.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6479-00.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2013-6479-00
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6479
+summary: Remote crash parsing HTTP responses
+discoveredBy: Jacob Appelbaum of the Tor Project
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could send a malformed HTTP response
+that could lead to a crash.
+
+### Mitigation
+
+Validate response before using it.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6481-00.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2013-6481-00
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6481
+summary: Remote crash reading Yahoo! P2P message
+discoveredBy: Daniel Atallah
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+The Yahoo! protocol plugin failed to validate a length field before trying to
+read from a buffer, which could result in reading past the end of the buffer
+which could cause a crash.
+
+### Mitigation
+
+Check that the length is within range.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6482-01.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2013-6482-01
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6482
+summary: NULL pointer dereference parsing headers in MSN
+discoveredBy: Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malformed Content-Length header could lead to a NULL pointer dereference.
+
+### Mitigation
+
+Check to make sure the Content-Length header has a value.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6482-02.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2013-6482-02
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6482
+summary: NULL pointer dereference parsing OIM data in MSN
+discoveredBy: Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could send us a specially-crafted XML
+response that results in a NULL pointer dereference.
+
+### Mitigation
+
+Check for NULL before calling `atoi()`.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6482-03.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2013-6482-03
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6482
+summary: NULL pointer dereference parsing SOAP data in MSN
+discoveredBy: Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could send us a specially-crafted SOAP
+response that results in a NULL pointer dereference.
+
+### Mitigation
+
+Check for NULL before using values.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6483-00.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,24 @@
+---
+title: cve-2013-6483-00
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6483
+summary: XMPP doesn't verify 'from' on some iq replies
+discoveredBy: Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+The XMPP protocol plugin failed to ensure that iq replies came from the person
+they were sent to. A remote user could send a spoofed iq reply and attempt to
+guess the iq id. This could allow an attacker to inject fake data or trigger a
+null pointer dereference.
+
+### Mitigation
+
+Keep track of the 'to' when sending an iq stanza and make sure replies for a
+given stanza ID come from the same address it was sent to.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6484-00.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2013-6484-00
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6484
+summary: Crash reading response from STUN server
+discoveredBy: Coverity static analysis
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Incorrect error handling when reading the response from a STUN server could lead
+to a crash.
+
+### Mitigation
+
+Fix error handling.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6485-00.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2013-6485-00
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6485
+summary: Buffer overflow parsing chunked HTTP responses
+discoveredBy: Matt Jones, Volvent
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could cause a buffer overflow by sending
+a malformed HTTP response with chunked Transfer-Encoding with invalid chunk
+sizes.
+
+### Mitigation
+
+Enforce a maximum size for chunks.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6486-00.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,24 @@
+---
+title: cve-2013-6486-00
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6486
+summary: Pidgin uses clickable links to untrusted executables
+discoveredBy: Originally by James Burton, Insomnia Security. Rediscovered by Yves Younan of Sourcefire VRT.
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+If a user clicks on a file:// URI in a received IM in Windows builds of Pidgin,
+Pidgin attempts to execute the file. This can be dangerous if the file:// URI is
+a path on a network share. This was originally reported in [CVE-2011-3185]({{< ref "cve-2011-3185-00" >}}) in 2011
+and we attempted to fix it then, but failed.
+
+### Mitigation
+
+Don't attempt to execute files when the user clicks a file:// URI. Instead, open
+a file browser at the file's location.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6487-00.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2013-6487-00
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6487
+summary: Buffer overflow in Gadu-Gadu HTTP parsing
+discoveredBy: Yves Younan and Ryan Pentney of Sourcefire VRT
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could send a large value for
+Content-Length and cause an integer overflow which could lead to a buffer
+overflow.
+
+### Mitigation
+
+Enforce a maximum size for content-length.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2013-6489-00.md Sun Feb 14 19:59:19 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2013-6489-00
+date: 2014-01-28T00:00:00.000Z
+cveNumber: cve-2013-6489
+summary: Buffer overflow in MXit emoticon parsing
+discoveredBy: Yves Younan and Pawel Janic of Sourcefire VRT
+fixedInRelease: 2.10.8
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A specially crafted emoticon value could cause an integer overflow which could
+lead to a buffer overflow.
+
+### Mitigation
+
+Use an unsigned integer and enforce a maximum size.
+