Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 349906 (CVE-2010-4528) - <net-im/pidgin-2.7.9 Denial of Service with Short MSN Packets (CVE-2010-4528)
Summary: <net-im/pidgin-2.7.9 Denial of Service with Short MSN Packets (CVE-2010-4528)
Status: RESOLVED FIXED
Alias: CVE-2010-4528
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://developer.pidgin.im/wiki/Chang...
Whiteboard: B3 [noglsa]
Keywords:
: 349949 (view as bug list)
Depends on:
Blocks:
 
Reported: 2010-12-27 23:09 UTC by Tim Sammut (RETIRED)
Modified: 2011-01-10 19:10 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2010-12-27 23:09:43 UTC 
From URL:

version 2.7.9 (12/26/2010)
    * MSN:
          o Fix a crash when receiving short packets related to P2Pv2. 

Upstream has released 2.7.9 that fixes this issue.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-12-28 12:37:21 UTC 
*** Bug 349949 has been marked as a duplicate of this bug. ***
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2010-12-29 07:22:03 UTC 
New version is in the tree. Arch teams, please, stabilize pidgin-2.7.9.
Comment 3 Markos Chandras (RETIRED) gentoo-dev 2010-12-29 10:26:33 UTC 
amd64 done
Comment 4 Thomas Kahle (RETIRED) gentoo-dev 2010-12-29 16:39:05 UTC 
x86 done.
Comment 5 Alex Buell 2010-12-29 22:00:51 UTC 
Tested on SPARC, works just fine. Please stabilise.
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2010-12-30 15:29:47 UTC 
Stable for HPPA PPC SPARC.
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2011-01-01 15:48:39 UTC 
alpha/ia64 stable
Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-01-10 13:26:06 UTC 
ppc64 stable, security back to you
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-01-10 16:46:30 UTC 
Thanks, folks.

GLSA Vote: No, for client-side DoS.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2011-01-10 19:10:44 UTC 
No, too. Closing NOGLSA.