Package: qutecom
Version: 2.2~rc3.hg396~dfsg1-5+b1
Severity: important
Tags: security

Hi,

the following CVE (Common Vulnerabilities & Exposures) ids were
published for pidgin. Since qutecom embeds libpurple, it may also be
affected. I have not checked this myself, so please do so, and close
the bug if you find the package to be not affected.

CVE-2010-0423[0]:
| gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a
| denial of service (CPU consumption and application hang) by sending
| many smileys in a (1) IM or (2) chat.

CVE-2010-0420[1]:
| libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user
| chat (MUC) room is used, does not properly parse nicknames containing
| <br> sequences, which allows remote attackers to cause a denial of
| service (application crash) via a crafted nickname.

CVE-2010-0277[2]:
| slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6,
| including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a
| denial of service (memory corruption and application crash) or
| possibly have unspecified other impact via a malformed MSNSLP INVITE
| request in an SLP message, a different issue than CVE-2010-0013.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423
    http://security-tracker.debian.org/tracker/CVE-2010-0423
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420
    http://security-tracker.debian.org/tracker/CVE-2010-0420
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277
    http://security-tracker.debian.org/tracker/CVE-2010-0277

