CVE-2010-0277 Re: Pidgin 2.6.5 released

Warren Togami wtogami at
Wed Jan 13 16:52:07 EST 2010

On 01/13/2010 11:41 AM, Paul Aurich wrote:
>>> CVE-2010-0277
>>> slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
>>> Adium 1.3.8 allows remote attackers to cause a denial of service
>>> (memory corruption) or possibly have unspecified other impact via
>>> unknown vectors, a different issue than CVE-2010-0013.
>>> Reference: URL:
>>> Reference:
>>> MISC:
>>> Thanks.
>> No.
>> As far as I know, no Pidgin developer knows any more about this issue than is publicly available (namely "it exists").
>> ~Paul
> I contacted Fabian and he's going to follow up with some code that triggers this this weekend.

Perhaps we can release the fix for CVE-2010-0277 along with a permanent 
solution for the AIM breakage issue in pidgin-2.6.6?

Warren Togami
wtogami at

More information about the Packagers mailing list