Possible security issue in Pidgin 2.7.3 (and later?)

Moritz Naumann bugs.debian.org at moritz-naumann.com
Sun Dec 16 21:10:14 EST 2012


Here's a quote from #debian-security on the OFTC IRC network, posted
roughly four hours ago:

> * [TheFlash] (~TheFlash]@cable-188-2-16-115.dynamic.sbb.rs) has joined #debian-security
> <[TheFlash]> hi
> <[TheFlash]> i think i found a denial of service vulnerability in the "pidgin" package (on Debian stable, fully updated)
> <[TheFlash]> which may or may not be an improperly patched previous vulnerability
> <[TheFlash]> it's possible to remotely crash pidgin (segmentation fault) through the XMPP protocol
> <[TheFlash]> the actual crash seems to happen on line 169 of jingle/transport.c (NULL dereference)
> <[TheFlash]> this bug isn't listed on security-tracker.debian.org, should I report it somewhere?
> * [TheFlash] (~TheFlash]@cable-188-2-16-115.dynamic.sbb.rs) has left #debian-security
(14 minutes after s/he joined)

I have not made any attempts to reproduce this issue on Pidgin 2.7.3 (in
Debian stable) or any earlier/later version.

I'm also unrelated to the original reporter.

I'm just trying to ensure this info isn't lost.


