This bug was fixed in the package pidgin - 1:2.6.2-1ubuntu7.1
---------------
pidgin (1:2.6.2-1ubuntu7.1) karmic-security; urgency=low
* SECURITY UPDATE: denial of service via crafted contact list data
- debian/patches/63_security_CVE-2009-3615.patch: validate contact
list structure in libpurple/protocols/oscar/oscar.c.
- CVE-2009-3615
* SECURITY UPDATE: directory traversal via custom smiley request
(LP: #501089)
- debian/patches/64_security_CVE-2010-0013.patch: ignore request for
smileys that don't exist in the image store in
libpurple/protocols/msn/slp.c.
- CVE-2010-0013
-- Marc Deslauriers <[email protected]> Thu, 14 Jan 2010 11:22:13
-0500
** Changed in: pidgin (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3615
--
Security problem allows to remotely read user files (MSN protocol)
https://bugs.launchpad.net/bugs/501089
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
