*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: pidgin CVE-2008-2955 description: "Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2955 CVE-2008-2956 description: "Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2956 CVE-2008-2957 description: "The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2957 ** Affects: pidgin (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2955 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2956 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2957 -- [CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities https://bugs.launchpad.net/bugs/245769 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
