This bug was fixed in the package pidgin - 1:2.10.3-0ubuntu1.1
---------------
pidgin (1:2.10.3-0ubuntu1.1) precise-security; urgency=low
* SECURITY UPDATE: Remote denial of service via specially crafted XMPP file
transfer requests (LP: #996691)
- debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
connection attempts. Based on upstream patch.
- CVE-2012-2214
* SECURITY UPDATE: Remote denial of service via specially crafted MSN
messages (LP: #996691)
- debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
then validate the messages. Based on upstream patch.
- CVE-2012-2318
* SECURITY UPDATE: Remote denial of service via specially crafted MXit
messages (LP: #1022012)
- debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
instead of a fixed size buffer. Based on upstream patch.
- CVE-2012-3374
-- Tyler Hicks <tyhi...@canonical.com> Sun, 08 Jul 2012 18:14:21 -0500
** Changed in: pidgin (Ubuntu)
Status: Triaged => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2214
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2318
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3374
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/996691
Title:
Pidgin may be vulnerable to remote MSN and XMPP crashes
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/996691/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
