pidgin (1:2.2.1-1ubuntu4.1) gutsy-security; urgency=low
* SECURITY UPDATE: (LP: #158400)
+ CVE-2007-4999: libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML
logging, allows remote attackers to cause a denial of service (NULL
dereference and application crash) via a message that contains invalid
HTML
data, a different vector than CVE-2007-4996.
* debian/patches/99_CVE-2007-4999.patch:
- Applied patch by upstream
- Link:
http://developer.pidgin.im/viewmtn/revision/diff/0810c68ce97a8213a5edbf5ffe7c1418915d3dfe/with/aff089bc73ecc6fe8ebbeac670db8be13511fcf4
* References:
CVE-2007-4999
http://developer.pidgin.im/ticket/3436
-- Stephan Hermann <[EMAIL PROTECTED]> Mon, 26 Nov 2007 16:32:57 +0100
** Changed in: pidgin (Ubuntu Gutsy)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-4996
--
[CVE-2007-4999] pidgin HTML Processing Denial of Service
https://bugs.launchpad.net/bugs/158400
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
