Pidgin 2.6.5 released
Paul Aurich
paul at darkrain42.org
Wed Jan 13 11:41:55 EST 2010
On Jan 11, 2010, at 10:32, Paul Aurich wrote:
> On Jan 11, 2010, at 05:17, Josh Bressers wrote:
>> ----- "Paul Aurich" <paul at darkrain42.org> wrote:
>>
>>> Pidgin 2.6.5 is released (though not yet listed as such at pidgin.im).
>>> As mentioned previously, this release provides a fix for CVE-2010-013
>>> (MSN arbitrary file upload), along with a number of build fixes and crash
>>> bugs.
>>>
>>
>> Does this update this fix this the MSN memory corruption bug?
>>
>> CVE-2010-0277
>>
>> slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
>> Adium 1.3.8 allows remote attackers to cause a denial of service
>> (memory corruption) or possibly have unspecified other impact via
>> unknown vectors, a different issue than CVE-2010-0013.
>>
>> Reference: URL:http://www.openwall.com/lists/oss-security/2010/01/07/2
>> Reference:
>> MISC:http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
>>
>> Thanks.
>
> No.
>
> As far as I know, no Pidgin developer knows any more about this issue than is publicly available (namely "it exists").
>
> ~Paul
I contacted Fabian and he's going to follow up with some code that triggers this this weekend.
~P
More information about the Packagers
mailing list