Pidgin 2.6.5 released
Paul Aurich
paul at darkrain42.org
Mon Jan 11 13:32:50 EST 2010
On Jan 11, 2010, at 05:17, Josh Bressers wrote:
> ----- "Paul Aurich" <paul at darkrain42.org> wrote:
>
>> Pidgin 2.6.5 is released (though not yet listed as such at pidgin.im).
>> As mentioned previously, this release provides a fix for CVE-2010-013
>> (MSN arbitrary file upload), along with a number of build fixes and crash
>> bugs.
>>
>
> Does this update this fix this the MSN memory corruption bug?
>
> CVE-2010-0277
>
> slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
> Adium 1.3.8 allows remote attackers to cause a denial of service
> (memory corruption) or possibly have unspecified other impact via
> unknown vectors, a different issue than CVE-2010-0013.
>
> Reference: URL:http://www.openwall.com/lists/oss-security/2010/01/07/2
> Reference:
> MISC:http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
>
> Thanks.
No.
As far as I know, no Pidgin developer knows any more about this issue than is publicly available (namely "it exists").
~Paul
More information about the Packagers
mailing list