--- a/ChangeLog Mon Oct 13 23:47:37 2014 -0700
+++ b/ChangeLog Tue Oct 14 12:47:43 2014 -0400
@@ -9,7 +9,7 @@
by an anonymous person and Jacob Appelbaum of the Tor Project, with
thanks to Moxie Marlinspike for first publishing about this type of
vulnerability. Thanks to Kai Engert for guidance and for some of the
- NSS changes). (CVE-2014-NNNN)
+ NSS changes) (CVE-2014-3694) * Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
(Elrond and Ashish Gupta) (#15909)
@@ -20,7 +20,7 @@
Windows-Specific Changes:
* Don't allow overwriting arbitrary files on the file system when the
user installs a smiley theme via drag-and-drop. (Discovered by Yves
- Younan of Sourcefire VRT)
+ Younan of Cisco Talos) (CVE-2014-3697) * Updates to dependencies:
* NSS 3.17.1 and NSPR 4.10.7
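Review bot: The credit on the smiley theme entry changes from "Sourcefire VRT" to "Cisco Talos" on the same line that adds CVE-2014-3697, and the same rename recurs in the hunks at -33 and -41. Assigning identifiers and changing reporter attribution are separate kinds of edit. If the commit message does not already say so, consider mentioning the rename there, so that someone tracing credit through blame can tell it was deliberate. Also, this entry had no CVE-2014-NNNN placeholder on the removed line, unlike the other entries, so the identifier here is newly added, not filled in. It is worth double-checking that CVE-2014-3697 is attached to the right item.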
@@ -33,7 +33,7 @@
* Fix potential remote crash parsing server message that indicates that
a large amount of memory should be allocated. (Discovered by Yves Younan
- and Richard Johnson of Sourcefire VRT) (CVE-2014-NNNN)
+ and Richard Johnson of Cisco Talos) (CVE-2014-3696) * Fix a possible leak of unencrypted data when using /me command
@@ -41,15 +41,15 @@
* Fix potential remote crash parsing a malformed emoticon response.
- (Discovered by Yves Younan and Richard Johnson of Sourcefire VRT)
+ (Discovered by Yves Younan and Richard Johnson of Cisco Talos) * Fix potential information leak where a malicious XMPP server and
possibly even a malicious remote user could create a carefully crafted
XMPP message that causes libpurple to send an XMPP message containing
arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul
- Aurich) (CVE-2014-NNNN)
+ Aurich) (CVE-2014-3698) * Fix Facebook XMPP roster quirks. (#15041, #15957)
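Review bot: The malformed emoticon response crash entry at the top of this hunk gets its credit updated but still carries no CVE identifier. The arbitrary-memory leak entry below it receives CVE-2014-3698, and the remote crash entry in the previous hunk receives CVE-2014-3696. If no CVE was assigned for the emoticon crash, leaving it bare is fine, but please confirm the omission is intentional. The smiley theme entry also had no placeholder and did gain an identifier in this patch, so a reader cannot tell from the ChangeLog alone whether this one was skipped or simply has none.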