# HG changeset patch # User Mark Doliner # Date 1250634492 0 # Node ID e3afedf82bb6d54d04e7153fcf4f0775289e900c # Parent d4036e0f58d600ddaa11264996f48ce2fe34c296 Any objections to this? I think it's good for us to acknowledge people who find bugs and tell us about them in detail (they even gave us a proof of concept script!) diff -r d4036e0f58d6 -r e3afedf82bb6 ChangeLog --- a/ChangeLog Tue Aug 18 18:48:45 2009 +0000 +++ b/ChangeLog Tue Aug 18 22:28:12 2009 +0000 @@ -209,7 +209,9 @@ Miscellaneous categories. version 2.5.9 (08/18/2009): - * Fix a crash via a specially crafted MSN message (CVE-2009-2694). + * Fix a crash via a specially crafted MSN message (CVE-2009-2694, + thanks to Core Security Technologies for discovering this and + notifying us privately before announcing it). * Fix a crash in Bonjour, MSN, and XMPP when trying to transfer files with NULL names.