changeset 28343:e3afedf82bb6

Any objections to this? I think it's good for us to acknowledge people who find bugs and tell us about them in detail (they even gave us a proof of concept script!)
author Mark Doliner <mark@kingant.net>
date Tue, 18 Aug 2009 22:28:12 +0000
parents d4036e0f58d6
children 2ee64cfbbe2e
files ChangeLog
diffstat 1 files changed, 3 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Tue Aug 18 18:48:45 2009 +0000
+++ b/ChangeLog	Tue Aug 18 22:28:12 2009 +0000
@@ -209,7 +209,9 @@
 	  Miscellaneous categories.
 
 version 2.5.9 (08/18/2009):
-	* Fix a crash via a specially crafted MSN message (CVE-2009-2694).
+	* Fix a crash via a specially crafted MSN message (CVE-2009-2694,
+	  thanks to Core Security Technologies for discovering this and
+	  notifying us privately before announcing it).
 	* Fix a crash in Bonjour, MSN, and XMPP when trying to transfer files with
 	  NULL names.