author Will Thompson <will.thompson@collabora.co.uk> 2013-03-01 09:16:25 +0000
committer Will Thompson <will.thompson@collabora.co.uk> 2013-03-01 09:16:25 +0000
commit 4882535eeeb5843e26dd2b6f0aeaff3f201cbfe6
tree 17985efe075087a4e035bd5a20f6a3090c1ecdb0 /NEWS
parent 110c5af4da0dfd7cd658a1d12047f0dbc79ae2d6
NEWS for 0.16.5
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 19
1 files changed, 19 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 3bdd5619a..5cd216512 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,22 @@
+telepathy-gabble 0.16.5 (2013-03-01)
+====================================
+
+The “In Actuality You Are A Gigantic, Bloodthirsty Grizzly Bear”
+release. This fixes a remotely-triggered denial-of-service bug. You
+should upgrade.
+
+Fixes:
+
+• fd.o#57521: don't crash when the server sends back malformed or error
+ replies to privacy list queries. (wjt)
+
+• fd.o#61433: don't crash on weirdly-shaped data forms in caps query
+ replies. This issue is tracked as CVE-2013-1769. Unfortunately, this
+ bug can be triggered by any XMPP user who knows your bare JID, not
+ just by people you've authorized to see your presence. Fortunately, it
+ is just a NULL pointer dereference, rather than allowing the attacker
+ to do anything more nefarious like execute code. (wjt)
+
telepathy-gabble 0.16.4 (2012-11-09)
====================================
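Review bot: the summary paragraph of the 0.16.5 entry refers to "a remotely-triggered denial-of-service bug" in the singular, while the Fixes list carries two crash fixes and the CVE id appears only in the second bullet. Naming CVE-2013-1769 in the summary would let packagers spot the security fix without reading down to the fd.o#61433 item. The fd.o#57521 bullet should also say whether that crash is considered security-relevant, since it is likewise triggered by remote input ("the server sends back malformed or error replies"). Finally, "weirdly-shaped data forms" gives a reader nothing to match against; one clause saying what shape of form triggers the NULL pointer dereference would make the entry more useful for triage.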