diff options
author | Will Thompson <will.thompson@collabora.co.uk> | 2013-03-01 15:11:53 +0000 |
---|---|---|
committer | Will Thompson <will.thompson@collabora.co.uk> | 2013-03-01 15:11:53 +0000 |
commit | 675565c73c265b7a545f45165ed97299890453fc (patch) | |
tree | dc5844d417cbfe5b4b369d15d0f544de25dc1c10 | |
parent | 73c80443fd8594212f1a0f9fb8a99a0a4d691dbc (diff) | |
parent | ff28128c7699b7fee5757a742f07b4cf9c98764c (diff) |
Merge branch 'telepathy-gabble-0.16'
Conflicts:
NEWS
configure.ac
lib/ext/wocky
-rw-r--r-- | NEWS | 15 | ||||
m--------- | lib/ext/wocky | 0 |
2 files changed, 14 insertions, 1 deletions
@@ -1,7 +1,20 @@ telepathy-gabble 0.17.3 (UNRELEASED) ==================================== -:-O +This fixes a remotely-triggered denial-of-service bug. You +should upgrade. + +Fixes: + +• fd.o#57521: don't crash when the server sends back malformed or error + replies to privacy list queries. (wjt) + +• fd.o#61433: don't crash on weirdly-shaped data forms in caps query + replies. This issue is tracked as CVE-2013-1769. Unfortunately, this + bug can be triggered by any XMPP user who knows your bare JID, not + just by people you've authorized to see your presence. Fortunately, it + is just a NULL pointer dereference, rather than allowing the attacker + to do anything more nefarious like execute code. (wjt) Enhancements: diff --git a/lib/ext/wocky b/lib/ext/wocky -Subproject 0fc8f511683054634d7ba5d447e38a634400eeb +Subproject d822581db0752351850b7e7ddfe3e70008897a5 |