*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):
Binary package hint: pidgin Pidgin 2.7.4 fixes CVE-2010-3711. Description: "It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service". References: http://pidgin.im/news/security/?id=48 http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc ** Affects: pidgin (Ubuntu) Importance: Undecided Status: New -- CVE-2010-3711 security vulnerability in pidgin < 2.7.4 https://bugs.edge.launchpad.net/bugs/666998 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
