Pidgin 2.6.5 released
paul at darkrain42.org
Wed Jan 13 11:41:55 EST 2010
On Jan 11, 2010, at 10:32, Paul Aurich wrote:
> On Jan 11, 2010, at 05:17, Josh Bressers wrote:
>> ----- "Paul Aurich" <paul at darkrain42.org> wrote:
>>> Pidgin 2.6.5 is released (though not yet listed as such at pidgin.im).
>>> As mentioned previously, this release provides a fix for CVE-2010-013
>>> (MSN arbitrary file upload), along with a number of build fixes and crash
>> Does this update this fix this the MSN memory corruption bug?
>> slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
>> Adium 1.3.8 allows remote attackers to cause a denial of service
>> (memory corruption) or possibly have unspecified other impact via
>> unknown vectors, a different issue than CVE-2010-0013.
>> Reference: URL:http://www.openwall.com/lists/oss-security/2010/01/07/2
> As far as I know, no Pidgin developer knows any more about this issue than is publicly available (namely "it exists").
I contacted Fabian and he's going to follow up with some code that triggers this this weekend.
More information about the Packagers