Pidgin 2.8.0: MSN, No QQ...

Paul Aurich darkrain42 at pidgin.im
Thu May 12 00:47:49 EDT 2011


And Paul Aurich spoke on 05/11/2011 09:44 PM, saying:
> 2) We have a remote crashing (NULL deref) bug in the MSN protocol plugin,
> for which we probably need a CVE#.  Our resident MSN expert, Elliott,
> believes it's not exploitable by another user, although a malicious entity
> MITMing a Pidgin user could crash Pidgin.  I've attached the proposed patch
> from Mark Doliner.

Naturally, the attached patch is more correct; that other one contained
extraneous stuff from my tree.

~Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: msn-httpconn-null-deref.patch
Type: text/x-patch
Size: 706 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20110511/8ec4bd09/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20110511/8ec4bd09/attachment.pgp>


More information about the Packagers mailing list