Your message dated Thu, 20 Aug 2009 00:49:29 +0200
with message-id <[email protected]>
and subject line Re: Bug#542486: pidgin: CVE-2009-2694 Libpurple
msn_slplink_process_msg() Arbitrary Write Vulnerability
has caused the Debian Bug report #542486,
regarding pidgin: CVE-2009-2694 Libpurple msn_slplink_process_msg() Arbitrary
Write Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
542486: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542486
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pidgin
Version: 2.4.3-4lenny2
Severity: normal
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pidgin.
CVE-2009-2694[0]:
| A remote arbitrary-code-execution vulnerability has been found in
| Libpurple (used by Pidgin and Adium instant messaging clients, among
| others), which can be triggered by a remote attacker by sending a
| specially crafted MSNSLP packet [4] with invalid data to the client
| through the MSN server. No victim interaction is required, and the
| attacker is not required to be in the victim's buddy list (under
| default configuration).
This bug is fixed in pidgin 2.5.9 [1]
Thanks for your work.
[0] http://www.coresecurity.com/content/libpurple-arbitrary-write
[1] http://pidgin.im/news/security/?id=34
--- End Message ---
--- Begin Message ---
Version: 2.5.9-1
pgp4AHqDfIz9H.pgp
Description: PGP signature
--- End Message ---