author Will Thompson <will.thompson@collabora.co.uk> 2013-03-01 15:11:53 +0000
committer Will Thompson <will.thompson@collabora.co.uk> 2013-03-01 15:11:53 +0000
commit 675565c73c265b7a545f45165ed97299890453fc
tree dc5844d417cbfe5b4b369d15d0f544de25dc1c10
parent 73c80443fd8594212f1a0f9fb8a99a0a4d691dbc
parent ff28128c7699b7fee5757a742f07b4cf9c98764c
Merge branch 'telepathy-gabble-0.16'
Conflicts:
	NEWS
	configure.ac
	lib/ext/wocky
-rw-r--r-- NEWS 15
m--------- lib/ext/wocky 0
2 files changed, 14 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 8f2267f1b..dbed18ad3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,20 @@
telepathy-gabble 0.17.3 (UNRELEASED)
====================================
-:-O
+This fixes a remotely-triggered denial-of-service bug. You
+should upgrade.
+
+Fixes:
+
+• fd.o#57521: don't crash when the server sends back malformed or error
+ replies to privacy list queries. (wjt)
+
+• fd.o#61433: don't crash on weirdly-shaped data forms in caps query
+ replies. This issue is tracked as CVE-2013-1769. Unfortunately, this
+ bug can be triggered by any XMPP user who knows your bare JID, not
+ just by people you've authorized to see your presence. Fortunately, it
+ is just a NULL pointer dereference, rather than allowing the attacker
+ to do anything more nefarious like execute code. (wjt)
Enhancements:
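Review bot: The lead sentence of the 0.17.3 entry says "a remotely-triggered denial-of-service bug" in the singular, yet two crash fixes follow and the CVE id only appears partway through the second bullet. Suggest naming CVE-2013-1769 (fd.o#61433) in the lead sentence so that packagers skimming NEWS can see which fix is the security one, and stating whether fd.o#57521, a crash on malformed or error replies from the server, is also considered security-relevant. The entry also gives no affected version range, which readers will want given that the second bullet says any XMPP user who knows the bare JID can trigger the crash without presence authorization.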
diff --git a/lib/ext/wocky b/lib/ext/wocky
-Subproject 0fc8f511683054634d7ba5d447e38a634400eeb
+Subproject d822581db0752351850b7e7ddfe3e70008897a5
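Review bot: The lib/ext/wocky pointer moves here and the commit message lists lib/ext/wocky among the merge conflicts, but nothing records how that conflict was resolved or what the new revision brings in. Suggest saying in the merge message which side's wocky revision was kept, and, if either crash fix listed in NEWS depends on changes in wocky, naming them so a reviewer can confirm the resolved pointer contains them. As shown, both Subproject ids are 39 hex digits rather than a full 40-digit SHA-1, so they cannot be checked against the wocky repository as written.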