Possible null pointer dereference in msn httpconn.c

John Bailey rekkanoryo at rekkanoryo.org
Fri Mar 25 08:29:46 EDT 2011


On 03/22/2011 08:26 PM, Marius Wachtler wrote:
<snip>
> This is will crash at least on my linux machine.
> 
> I think this can only be triggered by a malicious server therefore
> this should not have big consequences.
> 
> -- Marius Wachtler

Hello again, Marius.

Thanks for this report.  I'm sorry no one's gotten back to you about this yet.
I will definitely keep it on my radar for the upcoming 2.8.0 release.  The
release is still about a month away, as this is a larger API-adding and possibly
feature-adding release.  (The release is scheduled for April 23 or April 30,
depending on how many strings translators have to deal with.)  Since this does
seem to be a less severe vulnerability, I feel comfortable holding a fix until
then, unless something more severe comes up necessitating a quick 2.7.12.

John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20110325/6aa56ed1/attachment.pgp>


More information about the security mailing list