pidgin/pidgin

3f04427974d7
Update CVE IDs for two of the Sourcefire vulnerabilities and give
credit to Thijs for the iq spoofing fix.
  • +4 -4
    ChangeLog
  • --- a/ChangeLog Tue Jan 21 23:39:32 2014 -0800
    +++ b/ChangeLog Thu Jan 23 22:43:43 2014 -0800
    @@ -81,7 +81,7 @@
    MXit:
    * Fix buffer overflow with remote code execution potential.
    (Discovered by Yves Younan and Pawel Janic of Sourcefire VRT)
    - (CVE-2013-6487)
    + (CVE-2013-6489)
    * Fix sporadic crashes that can happen after user is disconnected.
    * Fix crash when attempting to add a contact via search results.
    * Show error message if file transfer fails.
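Review bot: The replacement ID on the MXit line, CVE-2013-6489, has no stated source; neither the commit message nor the ChangeLog entry says which assignment or advisory the correction comes from. The removed line here and the removed SIMPLE line in the next hunk both carried CVE-2013-6487, so please cite the CVE assignment in the commit message and confirm that no other ChangeLog entry is left with a stale or duplicated CVE-2013-6487 reference.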
    @@ -93,13 +93,13 @@
    SIMPLE:
    * Fix buffer overflow with remote code execution potential.
    - (Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487)
    + (Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6490)
    XMPP:
    * Prevent spoofing of iq replies by verifying that the 'from' address
    matches the 'to' address of the iq request. (Discovered by Fabian
    - Yamaguchi and Christian Wressnegger of the University of Goettingen)
    - (CVE-2013-6483)
    + Yamaguchi and Christian Wressnegger of the University of Goettingen,
    + fixed by Thijs Alkemade) (CVE-2013-6483)
    * Fix crash on some systems when receiving fake delay timestamps with
    extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
    * Fix possible crash or other erratic behavior when selecting a very
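Review bot: The XMPP part of this hunk adds the "fixed by Thijs Alkemade" credit, which is a separate change from the CVE ID correction on the SIMPLE line above it. Consider putting the credit in its own commit so that the ID corrections can be referenced or backported on their own. The SIMPLE entry also keeps its credit and CVE ID on one line while the MXit entry in the previous hunk puts the ID on a separate line; picking one layout would make the security entries easier to scan and grep.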