--- a/ChangeLog Sun Jan 12 13:06:17 2014 -0800
+++ b/ChangeLog Sun Jan 12 13:08:28 2014 -0800
@@ -7,7 +7,7 @@
* Fix buffer overflow when parsing a malformed HTTP response with
- chunked Transfer-Encoding. (discovered by Matt Jones, Volvent)+ chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent) * Fix handling of SSL certificates without subjects when using libnss.
* Fix handling of SSL certificates with timestamps in the distant future
@@ -34,7 +34,7 @@
* Fix buffer overflow with remote code execution potential. Only
triggerable by a Gadu-Gadu server or a man-in-the-middle.
- (discovered by Yves Younan, Sourcefire VRT) (CVE-2014-NNNN)+ (Discovered by Yves Younan, Sourcefire VRT) (CVE-2014-NNNN) * Disabled buddy list import/export from/to server (it didn't work
anymore). Buddy list synchronization will be implemented in 3.0.0.
@@ -43,9 +43,13 @@
* Fix bug where IRC wasn't available when libpurple was compiled with
Cyrus SASL support. (#15517)
+ * Fix possible crash when sending very long messages. Not + remotely-triggerable. (Discovered by Matt Jones, Volvent) * Fix buffer overflow with remote code execution potential.
- (discovered by Sourcefire VRT) (CVE-2014-NNNN)+ (Discovered by Sourcefire VRT) (CVE-2014-NNNN) * Fix sporadic crashes that can happen after user is disconnected.
* Fix crash when attempting to add a contact via search results.
* Show error message if file transfer fails.
@@ -57,7 +61,7 @@
* Fix buffer overflow with remote code execution potential.
- (discovered by Sourcefire VRT) (CVE-2014-NNNN)+ (Discovered by Sourcefire VRT) (CVE-2014-NNNN) * Fix possible crash or other erratic behavior when selecting a very
