Comment 62 for bug 401028

Justification for SRU: This bug affects 371 users and has a bug heat of 1860. It is also a potential security issue. As per above comments, security team has agreed to let this bug fixed according to the SRU process.

Upstream has accepted temugen's patch and papyon 0.4.4-1ubuntu1 in lucid includes this patch.

TEST CASE: As per comment #36, this bug can be reproduced by sending a malformed SHA1C value via an msn_object avatar, for example by modifying papyon to the following: http://pastebin.ubuntu.com/390204/

This patch is already in new upstream version and working fine on lucid. Regresion potential is low