From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Aug 20 19:07:10 2009 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 31BEC106564A; Thu, 20 Aug 2009 19:07:10 +0000 (UTC) (envelope-from armin@frozen-zone.org) Received: from mailbackup.inode.at (mailbackup.inode.at [213.229.60.24]) by mx1.freebsd.org (Postfix) with ESMTP id B1AE48FC55; Thu, 20 Aug 2009 19:07:09 +0000 (UTC) Received: from [62.99.145.4] (port=36830 helo=mx.inode.at) by mailbackup.inode.at with esmtp (Exim 4.67) (envelope-from ) id 1MeCnY-0001Ul-Q5; Thu, 20 Aug 2009 20:55:44 +0200 Received: from [84.119.8.67] (port=4596 helo=fz-sub1.local) by smartmx-04.inode.at with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1MeCnW-00074P-MX; Thu, 20 Aug 2009 20:55:42 +0200 Date: Thu, 20 Aug 2009 20:55:40 +0200 From: Armin Pirkovitsch To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org Message-ID: <20090820201208fz@frozen-zone.org> References: <200908201809.n7KI9iDV035571@www.freebsd.org> <200908201810.n7KIA6CI045160@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="vtzGhvizbBRQ85DL" Content-Disposition: inline In-Reply-To: <200908201810.n7KIA6CI045160@freefall.freebsd.org> User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Subject: Re: ports/137997: vuxml update (for pidgin) X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Armin Pirkovitsch List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Aug 2009 19:07:10 -0000 --vtzGhvizbBRQ85DL Content-Type: text/plain; charset=us-ascii Content-Disposition: inline corrected patch. --vtzGhvizbBRQ85DL Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="vuln-patch.txt" --- vuln.xml.orig 2009-08-19 23:48:01.000000000 +0200 +++ vuln.xml 2009-08-20 20:50:26.000000000 +0200 @@ -34,6 +34,44 @@ --> + + pidgin -- MSN overflow parsing SLP messages + + + pidgin + libpurple + finch + 2.5.9 + + + + +

Secunia reports:

+
A vulnerability has been reported in Pidgin, which can be + exploited by malicious people to potentially compromise a user's + system.
+
The vulnerability is caused due to an error in the + "msn_slplink_process_msg()" function when processing MSN SLP + messages and can be exploited to corrupt memory.
+
Successful exploitation may allow execution of arbitrary + code.
+
The vulnerability is reported in versions 2.5.8 and prior. + Other versions may also be affected.
+

+ + + + CVE-2009-2694 + http://secunia.com/advisories/36384/ + http://www.pidgin.im/news/security/?id=34 + + + 2009-08-18 + 2009-08-20 + + + GnuTLS -- multiple vulnerabilities --vtzGhvizbBRQ85DL--