| Summary: | <net-im/pidgin-2.10.6: MXit buffer overflow (CVE-2012-3374) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | ChaosEngine <andrzej.pauli> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | mrueg, net-im |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.pidgin.im/news/security/index.php?id=64 | | |
| Whiteboard: | B1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
ChaosEngine
2012-07-06 16:03:34 UTC
+*pidgin-2.10.5 (06 Jul 2012) + + 06 Jul 2012; Lars Wendler <polynomial-c@gentoo.org> +pidgin-2.10.5.ebuild: + Security bump (bug #425076). +

2.10.6 fixes a bug which was introduced with 2.10.5

+*pidgin-2.10.6 (09 Jul 2012) + + 09 Jul 2012; Lars Wendler <polynomial-c@gentoo.org> -pidgin-2.10.5.ebuild, + +pidgin-2.10.6.ebuild: + non-maintainer commit: Version bump. Removed "old". +

Thanks for the report, Andrzej. @net-im, may we proceed to stabilize =net-im/pidgin-2.10.6 ?

CVE-2012-3374 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3374): Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.

Will it be stabilized anytime soon?

go stable!

x86 stable, thanks.

ppc done

Stable for HPPA.

amd64 stable

alpha/ia64/sparc stable

ppc64 stable, last arch done

Thanks, everyone. Filing a new GLSA request.

This issue was resolved and addressed in GLSA 201209-17 at http://security.gentoo.org/glsa/glsa-201209-17.xml by GLSA coordinator Sean Amoss (ackle).
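
Review bot: the ChangeLog entry for pidgin-2.10.6 ("non-maintainer commit: Version bump. Removed "old".") carries no bug reference, while the 2.10.5 entry it supersedes reads "Security bump (bug #425076)". The same commit removes pidgin-2.10.5.ebuild, and 2.10.6 is the version stabilized for this bug, so the 2.10.6 entry should also cite bug #425076 to keep the security reason for the bump traceable from the version that remains in the tree.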