Quoting Jan Lieskovsky:
> Flaw description:
> An out-of-memory denial of service flaw was found in Pidgin's
> OSCAR protocol implementation. If a remote ICQ user sent a web
> message to the local Pidgin user using this protocol, it would lead to
> excessive memory allocation and denial of service (Pidgin crash).
> Affected Pidgin versions: 2.4.0 <= Pidgin <= 2.5.7
net-im: Can we go stable with 2.5.8?
Sure, let's go to stable.
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Stable for HPPA.
Ready for vote. I vote YES.
Client crash, I vote NO. Just restart your client or don't use malicious ICQ servers.
MITM would be possible and could lead to a connection to an evil server, but if you can do MITM already you can use other means for DoS anyway.
So, I vote NO, too. Closing.
I first read server instead of user. Doesn't matter, it's still only a client crash.
Since a GLSA has been drafted for a few other issues, this could easily be included.
GLSA 200910-02, thanks everyone.