Request for CVEs for Pidgin

Mark Doliner mark at kingant.net
Wed Jan 15 11:01:27 EST 2014


On Wed, Jan 15, 2014 at 6:19 AM, Tomas Hoger <thoger at redhat.com> wrote:
> On Tue, 14 Jan 2014 13:35:15 -0800 Mark Doliner wrote:
>> > I'd like to share this list with a colleague, Kurt Seifried, who
>> > handles many CVE assignments, to help with deciding on the
>> > merge/split cases.  You can find him do a lot of assignments on the
>> > oss-security list.  Please let me know if it's ok to send him your
>> > list.
>>
>> Sure, that sounds totally reasonable.
>
> Forwarded, I hope to get you IDs soon.

Hi Tomas. Can I please add one more security bug to the list? :-(

It was discovered yesterday by a Pidgin developer. We believe it is
not public knowledge.

-----

ISSUE-16, discovered by Daniel Atallah
Remotely triggerable crash in IRC argument parsing.
A malicious server or man-in-the-middle could trigger a crash in
libpurple by sending a message with fewer than expected arguments.

-----


More information about the security mailing list