Remote crash in old Pidgin versions

Mark Doliner mark at
Fri Dec 28 19:07:39 EST 2012

Someone brought to our attention that Pidgin versions before 2.7.10
contained a remote crash bug (null pointer dereference only--I believe
buffer overflow is not possible).  This bug was fixed in Pidgin 2.7.10
and all newer versions.

I bring this to your attention because we did not treat this as a
security problem at the time and we did not notify you or list this at

If you're maintaining security updates for a Pidgin build older than
2.7.10 then I recommend you include this patch:


More information about the Packagers mailing list