Remote crash in Finch
Sadrul Habib Chowdhury
sadrul at pidgin.im
Tue Feb 9 22:11:10 EST 2010
Hi. There seems to be a bug in finch that can cause a crash, and it can be
triggered remotely.

In an XMPP MUC, if someone changes the nick to '<br>' (using '/nick <br>'
for example), then libpurple ends up having two users with username '\n'
in the room, and finch crashes in this situation.

The bug in the XMPP prpl is reported in #11318. It causes multiple users
with empty names ('\n') in the userlist in pidgin, but as far as I know,
it causes a crash only in finch.

From the looks of things, it appears the remote exploitability in finch
is still 'unknown'. I have CC'ed this mail to Josh Bressers. I believe
you can issue a CVE# for this yet-undisclosed issue?

Our plan regarding this is to include a fix for the crash in the upcoming
version 2.6.6 in about a week's time.

Cheers,
Sadrul