Summary: | <net-im/pidgin-2.5.8: Remote Oscar protocol DoS (CVE-2009-1889) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | magowiz, net-im |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://developer.pidgin.im/ticket/9483 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2009-06-30 20:41:44 UTC
net-im: Can we go stable with 2.5.8? Sure, lets to stable Alright. Arches, please test and mark stable: =net-im/pidgin-2.5.8 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ppc64 done ppc done Sparc stable. Stable for HPPA. x86 stable amd64 stable alpha/ia64 stable Ready for vote. I vote YES. client crash, I vote NO. just restart your client or don't use malicious icq servers. MITM would be possible and could lead to a connection to an evil server, but if you can do MITM already you can use other means for DOS anyways. So, I vote NO, too. Closing. I first read server instead of user. Doesn't matter, it's still only a client crash. Since a GLSA has been drafted for a few other issues, this could easily be included. GLSA 200910-02, thanks everyone. |