pidgin/old.pidgin.im

Update for the 2.12.0 CVE

2017-03-09, Gary Kramlich
a306967601af
Parents 475221c19827
Children 21bd2058189d
Update for the 2.12.0 CVE
--- a/htdocs/news/security/index.php Thu Sep 15 16:48:53 2016 -0500
+++ b/htdocs/news/security/index.php Thu Mar 09 01:15:48 2017 -0600
@@ -1124,6 +1124,16 @@
"fixedversion" => "2.11.0",
"discoveredby" => "Yves Younan of Cisco Talos"
),
+ array(
+ "title" => "Out-of-bounds write when stripping xml",
+ "date" => "2017-03-09",
+ "cve" => "CVE 2017-2640",
+ "description" => "An out-of-bounds write when invalid xml is sent by a malicious server",
+ "fix" => "Only encode HTML entities that are well formed",
+ "fixrevisions" => "b2fc9e774cb9",
+ "fixedversion" => "2.12.0",
+ "discoveredby" => "Joseph Bisch"
+ ),
);
/* Template for the unfortunate future
array(
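Review bot: The `cve` value in the added entry is written `CVE 2017-2640` with a space, while the canonical identifier form is hyphenated; `"cve" => "CVE-2017-2640",` keeps the ID searchable and, if the page builds a lookup link from this field (the rendering code is not visible in this hunk), keeps that link valid. The `description` names the trigger (invalid XML from a malicious server) but not the consequence for the client, so a reader cannot judge severity from the entry alone; consider adding the impact as the upstream advisory words it. The enclosing array begins outside the hunk, so check both points for consistency against the earlier entries.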