-rw-r--r-- | NEWS | 15 |
m--------- | lib/ext/wocky | 0 |
2 files changed, 14 insertions, 1 deletions
@@ -1,7 +1,20 @@ telepathy-gabble 0.17.3 (UNRELEASED) ==================================== -:-O +This fixes a remotely-triggered denial-of-service bug. You +should upgrade. + +Fixes: + +• fd.o#57521: don't crash when the server sends back malformed or error + replies to privacy list queries. (wjt) + +• fd.o#61433: don't crash on weirdly-shaped data forms in caps query + replies. This issue is tracked as CVE-2013-1769. Unfortunately, this + bug can be triggered by any XMPP user who knows your bare JID, not + just by people you've authorized to see your presence. Fortunately, it + is just a NULL pointer dereference, rather than allowing the attacker + to do anything more nefarious like execute code. (wjt) Enhancements: diff --git a/lib/ext/wocky b/lib/ext/wocky -Subproject 0fc8f511683054634d7ba5d447e38a634400eeb +Subproject d822581db0752351850b7e7ddfe3e70008897a5 |
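Review bot: The NEWS entry for fd.o#61433 tells users to upgrade but not what they are upgrading from. It names the CVE and the trigger (any XMPP user who knows your bare JID) without saying which releases are affected or whether anything short of upgrading helps. A line such as "Affects: all versions up to and including X" under the CVE sentence would let packagers decide on backports without reading the bug. The opening sentence also speaks of a single "remotely-triggered denial-of-service bug" while two crash fixes follow: fd.o#57521 is triggered by the server's replies and fd.o#61433 by arbitrary users, so it is worth saying "bugs" or making clear that the sentence refers to the CVE entry only.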
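Review bot: The lib/ext/wocky pointer bump is the only non-documentation change in this commit, but NEWS does not say that any of the listed fixes live in Wocky. Anyone building against a separately packaged Wocky would not learn from this entry that they need a newer Wocky as well as a newer Gabble. Suggest naming Wocky in the relevant "Fixes:" bullet and listing the Wocky commits covered by the old..new range, so the security-relevant change can be reviewed without checking out the submodule.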