Gaim plans on releasing 1.3.1 on Thursday to fix a Yahoo DoS.
It is possible to crash gaim by sending a file transfer of a file with a
file name with some character sets.
rizzo: please don't commit anything until the public release. Then it's your
call between applying the patch to the current one, or releasing a pure 1.3.1.
I'd rather just wait for 1.3.1. It will be out tomorrow night.
An MSN DoS was also posted today to the gaim-packagers list which *should* be
fixed for 1.3.1 as well.
gaim-1.3.1 is now in portage, stable x86, unstable all others.
MSN Remote DoS (CAN-2005-1934)
Discovered By Hugo de Bokkenrijder
Remote attackers can cause a denial of service (crash) via a malformed MSN
message that leads to a memory allocation of a large size, possibly due to an
integer signedness error.

Remote Yahoo! crash (CAN-2005-1269)
Discovered By Jacopo Ottaviani
Remote denial of service when being offered files with names containing
Target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
Arches, please test and mark stable
Stable on ppc.
stable on amd64
stable on alpha ia64
stable on ppc64
Stable on hppa.
mips: remember to mark stable to benefit from GLSA
Stable on mips.