[telepathy-gabble-0.16] telepathy-gabble: NEWS for 0.16.5
Will Thompson
wjt at kemper.freedesktop.org
Mon Mar 4 04:22:18 PST 2013
Module: telepathy-gabble
Branch: telepathy-gabble-0.16
Commit: 4882535eeeb5843e26dd2b6f0aeaff3f201cbfe6
URL: http://cgit.freedesktop.org/telepathy/telepathy-gabble/commit/?id=4882535eeeb5843e26dd2b6f0aeaff3f201cbfe6
Author: Will Thompson <will.thompson at collabora.co.uk>
Date: Fri Mar 1 09:16:25 2013 +0000
NEWS for 0.16.5
---
NEWS | 19 +++++++++++++++++++
1 files changed, 19 insertions(+), 0 deletions(-)
diff --git a/NEWS b/NEWS
index 3bdd561..5cd2165 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,22 @@
+telepathy-gabble 0.16.5 (2013-03-01)
+====================================
+
+The “In Actuality You Are A Gigantic, Bloodthirsty Grizzly Bearâ€
+release. This fixes a remotely-triggered denial-of-service bug. You
+should upgrade.
+
+Fixes:
+
+• fd.o#57521: don't crash when the server sends back malformed or error
+ replies to privacy list queries. (wjt)
+
+• fd.o#61433: don't crash on weirdly-shaped data forms in caps query
+ replies. This issue is tracked as CVE-2013-1769. Unfortunately, this
+ bug can be triggered by any XMPP user who knows your bare JID, not
+ just by people you've authorized to see your presence. Fortunately, it
+ is just a NULL pointer dereference, rather than allowing the attacker
+ to do anything more nefarious like execute code. (wjt)
+
telepathy-gabble 0.16.4 (2012-11-09)
====================================
More information about the telepathy-commits
mailing list