Remote crash in Finch
Tomas Hoger
thoger at redhat.com
Thu Feb 11 04:21:41 EST 2010
On Wed, 10 Feb 2010 12:17:44 -0500 Sadrul Habib Chowdhury
<sadrul at pidgin.im> wrote:
> The crash happens when Finch tries to read memory it has already
> freed. I do not believe it can be used to execute code, or do
> anything malicious of that nature. 'remote crashibility' is probably
> more appropriate (except that doesn't seem to be a real word).
>
> libpurple incorrectly parses the username as '\n', where it should
> really be '<br>'. This is due to some libxml2 weirdness, and is fixed
> by 0085c32abf29d034d30feef1ffb1d483e316a9a8.
>
> The fix for the crash itself in finch has not yet been committed.
Please use CVE-2010-0420.
--
Tomas Hoger / Red Hat Security Response Team
More information about the Packagers
mailing list