Red Hat Bugzilla – Bug 135679
CAN-2004-0891 MSN protocol buffer overflow.
Last modified: 2007-11-30 17:10:51 EST
Buffer overflow when receiving unexpected sequence of MSNSLP messages
Affected code: src/protocols/msn/slplink.c. memcpy was used without
checking the size of the buffer before copying to it. Additionally, a
logic flaw was causing the wrong buffer to be used as the destination
for the copy under certain circumstances.
This issue affects gaim 0.79-1.0.1.
Public, removing embargo.
This is fixed in gaim-1.0.1-1.FC3 shipping in FC3 final. I am testing
and preparing gaim-1.0.2 for FC2 and FC3 updates now.
Crap... the security update for gaim was rejected from FC3 final.
1.0.2 update coming immediately.
This security update has subsequently made FC3 final, and issued as
1.0.2 to FC2.
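The bug class described in the report (a memcpy into a reassembly buffer with no size check, and a copy landing in the wrong buffer) is sketched below as an added example; it is not gaim's code or the actual patch. The struct, the function names and the use of a message id to tie a chunk to its buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reassembly state for one multi-part message (not gaim's struct). */
struct slp_msg {
    uint8_t *buf;   /* destination, allocated from the declared total size */
    size_t   size;  /* bytes allocated in buf */
    uint32_t id;    /* message this buffer belongs to */
};

/* Unchecked pattern: offset and len come from the peer, so a chunk that
 * arrives out of the expected sequence writes past buf. Shown for contrast
 * only; nothing in this example calls it. */
void append_unchecked(struct slp_msg *m, size_t offset,
                      const uint8_t *data, size_t len)
{
    memcpy(m->buf + offset, data, len);
}

/* Checked form: returns 0 if the chunk was copied, -1 if it was rejected. */
int append_checked(struct slp_msg *m, uint32_t id, size_t offset,
                   const uint8_t *data, size_t len)
{
    if (m == NULL || m->buf == NULL || data == NULL) return -1;
    if (id != m->id) return -1;              /* chunk is for another message */
    if (offset > m->size) return -1;         /* start lies outside the buffer */
    if (len > m->size - offset) return -1;   /* wrap-safe "offset+len > size" */
    memcpy(m->buf + offset, data, len);
    return 0;
}

/* Constructed sequence against an 8-byte message; returns chunks accepted. */
int run_constructed_sequence(void)
{
    uint8_t storage[8] = {0}, chunk[16] = {0};
    struct slp_msg m = { storage, sizeof storage, 7 };
    int accepted = 0;
    accepted += append_checked(&m, 7, 0, chunk, 8) == 0;        /* fits exactly */
    accepted += append_checked(&m, 7, 4, chunk, 8) == 0;        /* runs past end */
    accepted += append_checked(&m, 7, SIZE_MAX, chunk, 2) == 0; /* offset would wrap */
    accepted += append_checked(&m, 9, 0, chunk, 4) == 0;        /* wrong message id */
    return accepted;
}

int main(void)
{
    printf("accepted %d of 4 chunks\n", run_constructed_sequence());
    return 0;
}
```

Writing the length check as `len > size - offset`, after confirming `offset <= size`, avoids the integer wrap that a naive `offset + len > size` comparison allows.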