Mercurial > pidgin.yaz

diff ChangeLog @ 31791:f9cd24db04dd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ChangeLog the security fix and credit Marius. Although he didn't directly provide a patch, his suggestions and review were helpful in deriving the final fix for the problem.
author John Bailey <rekkanoryo@rekkanoryo.org>
date Fri, 11 Mar 2011 02:03:45 +0000
parents 04576947c4e0
children 5c2c42cbb811
line wrap: on
line diff
--- a/ChangeLog	Fri Mar 11 02:00:15 2011 +0000
+++ b/ChangeLog	Fri Mar 11 02:03:45 2011 +0000
@@ -37,6 +37,11 @@
 	  room (not currently supported by Pidgin and Finch).  (Thijs Alkemade)
 	  (#10986, #a14219)
 
+	Yahoo!/Yahoo! JAPAN:
+	* Fix CVE-2011-1091, denials of service caused by NULL pointer
+	  dereferences due to improper handling of malformed YMSG packets.  Thanks
+	  to Marius Wachtler for reporting this and reviewing the fix!
+
 version 2.7.10 (02/06/2011):
 	General:
 	* Force video sources to all have the same capabilities.  This reduces the