Pidgin 2.6.5 released

Paul Aurich paul at
Mon Jan 11 13:32:50 EST 2010

On Jan 11, 2010, at 05:17, Josh Bressers wrote:
> ----- "Paul Aurich" <paul at> wrote:
>> Pidgin 2.6.5 is released (though not yet listed as such at
>> As mentioned previously, this release provides a fix for CVE-2010-013
>> (MSN arbitrary file upload), along with a number of build fixes and crash
>> bugs.
> Does this update this fix this the MSN memory corruption bug?
> CVE-2010-0277
> slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
> Adium 1.3.8 allows remote attackers to cause a denial of service
> (memory corruption) or possibly have unspecified other impact via
> unknown vectors, a different issue than CVE-2010-0013.
> Reference: URL:
> Reference:
> MISC:  
> Thanks.


As far as I know, no Pidgin developer knows any more about this issue than is publicly available (namely "it exists").


More information about the Packagers mailing list