From owner-svn-ports-head@FreeBSD.ORG Sun Mar 10 04:03:18 2013
Return-Path: Pidgin reports: libpurple -- Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274) Fix a crash when receiving UPnP responses with abnormally long values. MXit -- Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271) -- Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272) Fix two bugs where a remote MXit user could possibly specify a local file
+ path to be written to. Fix a bug where the MXit server or a man-in-the-middle could potentially
+ send specially crafted data that could overflow a buffer and lead to a crash
+ or remote code execution. Sametime -- Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273) Fix a crash in Sametime when a malicious server sends us an abnormally long
+ user ID.
Mark Evans reports:
-Unfortunately there is a security vulnerability in Dragonfly when - used with Rails which would potentially allow an attacker to run +
Unfortnately there is a security vulnerability in Dragonfly when + used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests.