Buffer overflow when receiving unexpected sequence of MSNSLP messages Affected code: src/protocols/msn/slplink.c memcpy was used without checking the size of the buffer before copying to it. Additionally, a logic flaw was causing the wrong buffer to be used as the destination for the copy under certain circumstances. This issue affects gaim 0.79-1.0.1
Public, removing embargo.
This is fixed in gaim-1.0.1-1.FC3 shipping in FC3 final. I am testing and preparing gaim-1.0.2 for FC2 and FC3 updates now.
Crap... the security update for gaim was rejected from FC3 final. 1.0.2 update coming immediately.
This security update has subsequently made FC3 final, and issued as 1.0.2 to FC2.