Package: pidgin Version: 2.4.3-4lenny2 Severity: normal Tags: security
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for pidgin. CVE-2009-2694[0]: | A remote arbitrary-code-execution vulnerability has been found in | Libpurple (used by Pidgin and Adium instant messaging clients, among | others), which can be triggered by a remote attacker by sending a | specially crafted MSNSLP packet [4] with invalid data to the client | through the MSN server. No victim interaction is required, and the | attacker is not required to be in the victim's buddy list (under | default configuration). This bug is fixed in pidgin 2.5.9 [1] Thanks for your work. [0] http://www.coresecurity.com/content/libpurple-arbitrary-write [1] http://pidgin.im/news/security/?id=34 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
