Mercurial > pidgin
comparison ChangeLog @ 29074:89b4054deba1
Fix CVE-2010-0423, a denial of service attack due to the parsing
of large numbers of smileys. (Discovered by Antti Hayrynen)
| author | Mark Doliner <mark@kingant.net> |
|---|---|
| date | Tue, 16 Feb 2010 09:02:23 +0000 |
| parents | 40623dd0bba0 |
| children | cece09dbb119 |
comparison
equal
deleted
inserted
replaced
| 29073:40623dd0bba0 | 29074:89b4054deba1 |
|---|---|
| 25 * Allow setting and displaying icons between 1x1 and 100x100 pixels. | 25 * Allow setting and displaying icons between 1x1 and 100x100 pixels. |
| 26 Previously only icons between 48x48 and 50x50 were allowed. | 26 Previously only icons between 48x48 and 50x50 were allowed. |
| 27 | 27 |
| 28 MSN: | 28 MSN: |
| 29 * Fix CVE-2010-0277, a possible remote crash when parsing an incoming | 29 * Fix CVE-2010-0277, a possible remote crash when parsing an incoming |
| 30 SLP message. Discovered by Fabian Yamaguchi. | 30 SLP message. (Discovered by Fabian Yamaguchi) |
| 31 * File transfer requests will no longer cause a crash if you delete the | 31 * File transfer requests will no longer cause a crash if you delete the |
| 32 file before the other side accepts. | 32 file before the other side accepts. |
| 33 * Received files will no longer hold an extra lock after completion, | 33 * Received files will no longer hold an extra lock after completion, |
| 34 meaning they can be moved or deleted without complaints from your OS. | 34 meaning they can be moved or deleted without complaints from your OS. |
| 35 * Buddies who sign in from a second location will no longer cause an | 35 * Buddies who sign in from a second location will no longer cause an |
| 72 * Don't send <span> and </span> tags. (Fartash Faghri) | 72 * Don't send <span> and </span> tags. (Fartash Faghri) |
| 73 * Support PingBox. PingBoxes will appear as pbx/PingBoxName. (Kartik | 73 * Support PingBox. PingBoxes will appear as pbx/PingBoxName. (Kartik |
| 74 Mohta) | 74 Mohta) |
| 75 | 75 |
| 76 Pidgin: | 76 Pidgin: |
| 77 * Fix CVE-2010-0423, a denial of service attack due to the parsing | |
| 78 of large numbers of smileys. (Discovered by Antti Hayrynen) | |
| 77 * Correctly size conversation and status box entries when the | 79 * Correctly size conversation and status box entries when the |
| 78 interior-focus style property is diabled. (Gabriel Schulhof) | 80 interior-focus style property is diabled. (Gabriel Schulhof) |
| 79 * Correctly handle a multiline text field being required in a | 81 * Correctly handle a multiline text field being required in a |
| 80 request form. (Thanks to Florian Zeitz for finding this problem) | 82 request form. (Thanks to Florian Zeitz for finding this problem) |
| 81 * Search friends by email-addresses in the buddy list. (Luoh Ren-Shan) | 83 * Search friends by email-addresses in the buddy list. (Luoh Ren-Shan) |