Remote crash in Finch
Sadrul Habib Chowdhury
sadrul at pidgin.im
Thu Feb 11 09:23:27 EST 2010
* Tomas Hoger had this to say on [11 Feb 2010, 10:21:41 +0100]:
> On Wed, 10 Feb 2010 12:17:44 -0500 Sadrul Habib Chowdhury
> <sadrul at pidgin.im> wrote:
>
> > The crash happens when Finch tries to read memory it has already
> > freed. I do not believe it can be used to execute code, or do
> > anything malicious of that nature. 'remote crashibility' is probably
> > more appropriate (except that doesn't seem to be a real word).
> >
> > libpurple incorrectly parses the username as '\n', where it should
> > really be '<br>'. This is due to some libxml2 weirdness, and is fixed
> > by 0085c32abf29d034d30feef1ffb1d483e316a9a8.
> >
> > The fix for the crash itself in finch has not yet been committed.
>
> Please use CVE-2010-0420.
Will do. Thanks!
Sadrul
More information about the Packagers
mailing list