CVE-2010-0277 Re: Pidgin 2.6.5 released

Warren Togami wtogami at redhat.com
Wed Jan 13 16:52:07 EST 2010


On 01/13/2010 11:41 AM, Paul Aurich wrote:
>>> CVE-2010-0277
>>>
>>> slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
>>> Adium 1.3.8 allows remote attackers to cause a denial of service
>>> (memory corruption) or possibly have unspecified other impact via
>>> unknown vectors, a different issue than CVE-2010-0013.
>>>
>>> Reference: URL:http://www.openwall.com/lists/oss-security/2010/01/07/2
>>> Reference:
>>> MISC:http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
>>>
>>> Thanks.
>>
>> No.
>>
>> As far as I know, no Pidgin developer knows any more about this issue than is publicly available (namely "it exists").
>>
>> ~Paul
>
> I contacted Fabian and he's going to follow up with some code that triggers this this weekend.

Perhaps we can release the fix for CVE-2010-0277 along with a permanent 
solution for the AIM breakage issue in pidgin-2.6.6?

Warren Togami
wtogami at redhat.com


