Remotely-triggerable crash in libpurple
Tomas Hoger
thoger at redhat.com
Wed Jul 14 15:58:30 EDT 2010
Hi Mark!
On Wed, 14 Jul 2010 01:18:24 -0700 Mark Doliner wrote:
> A security vulnerability has been discovered in libpurple. It is ONLY
> a remote crash (null pointer dereference), not a buffer overflow. In
> the past we have had CVE numbers issued for this. Josh, Jan or Tomas
> from Red Hat, if you guys agree with all of this, do you think one of
> you could handle issuing a CVE? Thanks!
Similar problems were handled as security in the past, so I'm fine with
assigning CVE that can be used in release notes / advisory. Please use
CVE-2010-2528.
--
Tomas Hoger / Red Hat Security Response Team
More information about the Packagers
mailing list