Remote crash in Finch

Tomas Hoger thoger at redhat.com
Thu Feb 11 04:21:41 EST 2010


On Wed, 10 Feb 2010 12:17:44 -0500 Sadrul Habib Chowdhury
<sadrul at pidgin.im> wrote:

> The crash happens when Finch tries to read memory it has already
> freed. I do not believe it can be used to execute code, or do
> anything malicious of that nature. 'remote crashibility' is probably
> more appropriate (except that doesn't seem to be a real word).
> 
> libpurple incorrectly parses the username as '\n', where it should
> really be '<br>'. This is due to some libxml2 weirdness, and is fixed
> by 0085c32abf29d034d30feef1ffb1d483e316a9a8.
> 
> The fix for the crash itself in finch has not yet been committed.

Please use CVE-2010-0420.

-- 
Tomas Hoger / Red Hat Security Response Team


