Remote crash in ICQ
Warren Togami
wtogami at redhat.com
Sun Jun 28 20:01:20 EDT 2009
On 06/28/2009 07:56 PM, Mark Doliner wrote:
>
> Oh, and I suspect there is probably no chance of remote code
> execution. The data that triggers the crash comes from the ICQ
> servers, and I believe is limited to a fairly short length. It's also
> probably filtered quite a bit.
>
> Attached is a patch to fix the bug. It applies cleanly to 2.5.7,
> 2.5.6, 2.5.5 and 2.5.4 (with offset). I didn't test any older
> versions. Only libpurple has changed, so if your Pidgin package links
> to libpurple dynamically then you really only need to rebuild
> libpurple. Also, we've just released 2.5.8 which includes this fix
> and a few other nice bug fixes. Source packages are at
> http://sourceforge.net/project/showfiles.php?group_id=235&package_id=230234&release_id=693070
> and changelog at http://developer.pidgin.im/wiki/ChangeLog
>
> Thanks, and sorry for the inconvenience.
>
> -Mark
We still have pidgin-1.5.x in RHEL-3. Is that affected by this?
Warren Togami
wtogami at redhat.com
More information about the Packagers
mailing list