Summary: | <net-im/pidgin-2.6.3 ICQ and maybe AIM remote crash (CVE-2009-3615) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Dani Soufi <danisoufi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | magowiz, net-im |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://pidgin.im/news/security/?id=41 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Dani Soufi
2009-10-16 10:55:10 UTC
It has been bumped, moving over to security for security bug

Arches, please test and mark stable:
=net-im/pidgin-2.6.2
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

Sorry, my tree wasn't new enough, so the tool got the wrong version. This is correct:

Arches, please test and mark stable:
=net-im/pidgin-2.6.3
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

Stable on alpha, dragging a few necessary stabilizations along.

Stable for HPPA.

x86 stable

net-libs/farsight2-0.0.15 was stabilized but it requires net-libs/libnice-0.0.9 and it is still ~x86

x86 stable

amd64 stable

CVE-2009-3615 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3615): The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.

ppc stable

*ping*

ppc64 done; I masked gstreamer use from pidgin which is what brought in farsight and subsequently libnice (which has a test failure).

ia64/sparc stable

GLSA vote: NO.

NO too, closing.