cve-2013-6477-00

Summary Crash handling bad XMPP timestamp
Date 2014-01-28
CVE Number CVE-2013-6477
Discovered By Jaime Breva Ribes
Fixed In Release 2.10.8

Description

A remote XMPP user can trigger a crash on some systems by sending a message with a timestamp in the distant future.

Mitigation

Avoid passing negative timestamps to localtime().

Looking to reach us via XMPP? Check out the new PidginChat service!