Remotely-triggerable crash in libpurple

Tomas Hoger thoger at
Wed Jul 14 15:58:30 EDT 2010

Hi Mark!

On Wed, 14 Jul 2010 01:18:24 -0700 Mark Doliner wrote:

> A security vulnerability has been discovered in libpurple.  It is ONLY
> a remote crash (null pointer dereference), not a buffer overflow.  In
> the past we have had CVE numbers issued for this.  Josh, Jan or Tomas
> from Red Hat, if you guys agree with all of this, do you think one of
> you could handle issuing a CVE?  Thanks!

Similar problems were handled as security in the past, so I'm fine with
assigning CVE that can be used in release notes / advisory.  Please use

Tomas Hoger / Red Hat Security Response Team

More information about the Packagers mailing list