Remote crash in ICQ

Warren Togami wtogami at
Sun Jun 28 20:01:20 EDT 2009

On 06/28/2009 07:56 PM, Mark Doliner wrote:
> Oh, and I suspect there is probably no chance of remote code
> execution.  The data that triggers the crash comes from the ICQ
> servers, and I believe is limited to a fairly short length.  It's also
> probably filtered quite a bit.
> Attached is a patch to fix the bug.  It applies cleanly to 2.5.7,
> 2.5.6, 2.5.5 and 2.5.4 (with offset).  I didn't test any older
> versions.  Only libpurple has changed, so if your Pidgin package links
> to libpurple dynamically then you really only need to rebuild
> libpurple.  Also, we've just released 2.5.8 which includes this fix
> and a few other nice bug fixes.  Source packages are at
> and changelog at
> Thanks, and sorry for the inconvenience.
> -Mark

We still have pidgin-1.5.x in RHEL-3.  Is that affected by this?

Warren Togami
wtogami at

More information about the Packagers mailing list