--- a/ChangeLog Tue Jan 21 23:39:32 2014 -0800
+++ b/ChangeLog Thu Jan 23 22:43:43 2014 -0800
@@ -81,7 +81,7 @@
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan and Pawel Janic of Sourcefire VRT)
* Fix sporadic crashes that can happen after user is disconnected.
* Fix crash when attempting to add a contact via search results.
* Show error message if file transfer fails.
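Review bot: the entry "Fix buffer overflow with remote code execution potential" in this hunk carries a discoverer credit but, in the lines visible here, no CVE identifier, while the entries in the next hunk each end with one. Since this commit is about correcting attribution, confirm the entry is tagged with its own CVE id so the two identically worded overflow fixes can be told apart by anyone mapping the ChangeLog to advisories.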
@@ -93,13 +93,13 @@
* Fix buffer overflow with remote code execution potential.
- (Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487)
+ (Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6490) * Prevent spoofing of iq replies by verifying that the 'from' address
matches the 'to' address of the iq request. (Discovered by Fabian
- Yamaguchi and Christian Wressnegger of the University of Goettingen)
+ Yamaguchi and Christian Wressnegger of the University of Goettingen, + fixed by Thijs Alkemade) (CVE-2013-6483) * Fix crash on some systems when receiving fake delay timestamps with
extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
* Fix possible crash or other erratic behavior when selecting a very
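Review bot: the overflow entry whose id changes from CVE-2013-6487 to CVE-2013-6490 is worded exactly like the overflow entry in the previous hunk, so nothing in the text itself ties either line to a specific bug, and a swapped id is hard to spot in review. Suggest adding the affected component or the trigger condition to each of the two lines, the way the iq entry spells out its check (the 'from' address must match the 'to' address of the iq request). On the iq entry, the added "fixed by Thijs Alkemade" credit and CVE-2013-6483 read fine; make sure the continuation lines keep the indentation and wrapping used by the neighbouring entries.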