Index: htdocs/security/index.php
===================================================================
RCS file: /cvsroot/gaim/web/htdocs/security/index.php,v
retrieving revision 1.4
diff -u -p -r1.4 index.php
--- htdocs/security/index.php 28 Aug 2004 13:29:07 -0000 1.4
+++ htdocs/security/index.php 28 Aug 2004 14:19:02 -0000
@@ -12,17 +12,17 @@
 $description[$num] = "In two places in the MSN protocol plugins (object.c and slp.c), strncpy was used incorrectly; the size of the array was not checked before copying to it. Both bugs affect MSN's MSNSLP protocol, which is peer-to-peer, so this could potentially be easy to exploit.";
 $fix[$num] = "Bounds checking was added in both places.";
 $fixedversion[$num] = "0.82";
- $discoveredby[$num] = "(unknown)";
+ $discoveredby[$num] = "Sebastian Krahmer (SUSE Security Team)";
 $num++;
 $title[$num] = "Smiley theme installation lack of escaping";
- $date[$num] = "22 August 2004";
+ $date[$num] = "26 August 2004";
 $cve[$num] = "CAN-2004-0784";
 $summary[$num] = "Dragging a carefully crafted smiley theme filename onto Gaim could cause arbitrary command execution.";
 $description[$num] = "To install a new smiley theme, a user can drag a tarball from a graphical file manager, or a hypertext link to one from a web browser. When a tarball is dragged, Gaim executes a shell command to untar it. However, it does not escape the filename before sending it to the shell. Thus, a specially crafted filename could execute arbitrary commands if the user could be convinced to drag a file into the smiley theme selector.";
 $fix[$num] = "Filenames are now escaped using g_shell_quote().";
 $fixedversion[$num] = "0.82";
- $discoveredby[$num] = "(unknown)";
+ $discoveredby[$num] = "A Gaim Crazy Patch Writer";
 $num++;
 $title[$num] = "Groupware message receive integer overflow";
@@ -67,7 +67,6 @@
 $title[$num] = "Content-length DOS (malloc error)";
 $date[$num] = "26 August 2004";
- $cve[$num] = "N/A";
 $summary[$num] = "Posibile for a malicious web server to provide a web page with a false content-length value which could crash Gaim.";
 $description[$num] = "Remote crash. When a remote server provides a large \"content-length\" header value, Gaim will attempt to allocate a buffer to store the content, however this allocation attempt will cause Gaim to crash if the length exceeds the amount of possible memory. This happens when reading profile information on some protocols. It also happens when smiley themes are installed via drag and drop.";
 $fix[$num] = "The call to g_malloc() was replaced with a call to g_try_malloc(). If the memory could not be allocated the function returns instead of causing the application to crash.";
@@ -88,7 +87,7 @@
 ?>

-This is a list of all potential Gaim security vulnerabilities occuring after
+This is a list of all potential Gaim security vulnerabilities discovered after
 August 1st, 2004.

@@ -104,7 +103,10 @@ August 1st, 2004.
 for ($i = $num-1; $i >= 0; $i--) {
 print("");
 print("$title[$i]");
- print("$cve[$i]");
+ if ($cve[$i])
+ print("$cve[$i]");
+ else
+ print("N/A");
 print("$date[$i]");
 print("$fixedversion[$i]");
 print("");
@@ -119,7 +121,10 @@ August 1st, 2004.
 print("");
 print("");
 print("");
- print("");
+ if ($cve[$id])
+ print("");
+ else
+ print("");
 print("");
 print("");
 print("");
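Review bot: The new `if ($cve[$i])` test in the list loop reads an array element that no longer exists for the "Content-length DOS" entry, because this same commit drops its `$cve[$num] = "N/A";` assignment; reading a missing index raises a notice (a warning on current PHP) that can end up in the rendered advisory page. Testing with `if (!empty($cve[$i]))` keeps the N/A fallback without touching an undefined element, and the same applies to `if ($cve[$id])` in the detail-view hunk that follows. Where `$id` comes from is outside these hunks; if it is taken from the request, it should be checked as an integer in the range `0` to `$num - 1` before it indexes these arrays. The markup inside the `print("")` strings was lost in rendering, so the emitted HTML cannot be reviewed here, and both the loop and the detail block continue outside their hunks.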
Title$title[$id]
Date$date[$id]
CVE Name$cve[$id]
CVE Name$cve[$id]
CVE NameN/A
Discovered By$discoveredby[$id]
Summary$summary[$id]
Description$description[$id]