This bug was fixed in the package pidgin - 1:2.6.6-1ubuntu4.1
---------------
pidgin (1:2.6.6-1ubuntu4.1) lucid-security; urgency=low
* SECURITY UPDATE: denial of service via custom emoticon
- debian/patches/93_CVE-2010-1624.patch: make sure body is valid in
libpurple/protocols/msn/slp.c.
- CVE-2010-1624
* SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
- debian/patches/94_CVE-2010-3711.patch: correctly handle
purple_base64_decode return codes in libpurple/ntlm.c,
libpurple/plugins/perl/common/Util.xs,
libpurple/protocols/{jabber/auth_digest_md5.c,msn/slp.c,
myspace/message.c,oscar/clientlogin.c,qq/im.c,yahoo/libymsg.c}.
- CVE-2010-3711
-- Marc Deslauriers <[email protected]> Wed, 03 Nov 2010 08:51:08
-0400
** Changed in: pidgin (Ubuntu Karmic)
Status: Confirmed => Fix Released
--
CVE-2010-3711 security vulnerability in pidgin < 2.7.4
https://bugs.launchpad.net/bugs/666998
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
