Pidgin 2.6.5 released
Josh Bressers
bressers at redhat.com
Mon Jan 11 08:17:13 EST 2010
----- "Paul Aurich" <paul at darkrain42.org> wrote:
> Pidgin 2.6.5 is released (though not yet listed as such at pidgin.im).
> As mentioned previously, this release provides a fix for CVE-2010-013
> (MSN arbitrary file upload), along with a number of build fixes and crash
> bugs.
>
Does this update this fix this the MSN memory corruption bug?
CVE-2010-0277
slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
Adium 1.3.8 allows remote attackers to cause a denial of service
(memory corruption) or possibly have unspecified other impact via
unknown vectors, a different issue than CVE-2010-0013.
Reference: URL:http://www.openwall.com/lists/oss-security/2010/01/07/2
Reference:
MISC:http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
Thanks.
--
JB
More information about the Packagers
mailing list