From $URL:

Title: purple_base64_decode() remote crashes
CVE Name: CVE-2010-3711
Discovered By: Daniel Atallah
Summary: Multiple remotely-triggered denials of service
Description: It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service.
Fixed in Revision: b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc
Fixed in Version: 2.7.4
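The bug class named in the advisory, shown from the defensive side as an added example (not part of the original report and not libpurple's code): a caller that validates a base64 decoder's result before reading it. `demo_base64_decode`, `parse_field` and the 4-byte field layout are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Value of one base64 alphabet character, or -1 if outside the alphabet. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Stand-in decoder (hypothetical): returns a malloc'd buffer and sets
 * *out_len, or returns NULL with *out_len == 0 on malformed input. */
unsigned char *demo_base64_decode(const char *in, size_t *out_len) {
    size_t n = strlen(in), o = 0;
    *out_len = 0;
    if (n == 0 || n % 4 != 0) return NULL;
    unsigned char *out = malloc(n / 4 * 3);
    if (!out) return NULL;
    for (size_t i = 0; i < n; i += 4) {
        int pad = 0, v[4];
        for (int j = 0; j < 4; j++) {
            int pad_ok = (i + 4 == n && j >= 2);  /* '=' only ends the input */
            if (in[i + j] == '=' && pad_ok) { v[j] = 0; pad++; }
            else if (pad || (v[j] = b64_val((unsigned char)in[i + j])) < 0) {
                free(out);
                return NULL;
            }
        }
        uint32_t w = (uint32_t)v[0] << 18 | (uint32_t)v[1] << 12 |
                     (uint32_t)v[2] << 6 | (uint32_t)v[3];
        out[o++] = (unsigned char)(w >> 16);
        if (pad < 2) out[o++] = (unsigned char)(w >> 8 & 0xff);
        if (pad < 1) out[o++] = (unsigned char)(w & 0xff);
    }
    *out_len = o;
    return out;
}

/* Hypothetical protocol field: a base64 value carrying a 4-byte big-endian
 * integer. Returns 0 and sets *value, or -1 if the peer sent bad data. */
int parse_field(const char *encoded, uint32_t *value) {
    size_t len = 0;
    unsigned char *raw = demo_base64_decode(encoded, &len);
    /* Check both the pointer and the length before reading raw[0..3]. */
    if (raw == NULL || len < 4) { free(raw); return -1; }
    *value = (uint32_t)raw[0] << 24 | (uint32_t)raw[1] << 16 |
             (uint32_t)raw[2] << 8 | (uint32_t)raw[3];
    free(raw);
    return 0;
}
```

Without the `raw == NULL || len < 4` check, malformed or too-short input from a remote peer reaches the `raw[0..3]` reads directly.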
New version was just added to the tree. Arch teams, please, go ahead.
x86 stable
good on amd64.
amd64 done. Thanks Agostino
Stable for HPPA.
Stable for PPC.
ppc64 done
alpha/ia64/sparc stable
Thanks, folks. GLSA Vote: Yes, unauthenticated remote DoS in popular client software.
Vote: NO. Client DoS only.
Client crash is hardly a security issue so GLSA Vote: no -> Closing. Feel free to reopen if you disagree.