Ubuntu
pidgin package

  1. Bug #666998
  2. Comment #4

Comment 4 for bug 666998

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pidgin - 1:2.4.1-1ubuntu2.10

---------------
pidgin (1:2.4.1-1ubuntu2.10) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/94_security_CVE-2010-1624.patch: make sure body is
      valid in libpurple/protocols/{msn,msnp9}/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/94_security_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/protocols/{jabber/auth.c,msn/slp.c,msnp9/slp.c,
      myspace/message.c,yahoo/yahoo.c}.
    - CVE-2010-3711
 -- Marc Deslauriers <email address hidden> Wed, 03 Nov 2010 09:36:41 -0400