Quoting Jan Lieskovsky <jlieskov@redhat.com>:
> [...]
> Flaw description:
> -----------------
> An out-of-memory denial of service flaw was found in Pidgin's
> OSCAR protocol implementation. If a remote ICQ user sent a web
> message to the local Pidgin user using this protocol, it would lead to
> excessive memory allocation and denial of service (Pidgin crash).
>
> Affected Pidgin versions: 2.4.0 <= Pidgin <= 2.5.7
>
net-im: Can we go stable with 2.5.8?
Sure, let's go stable.
Alright. Arches, please test and mark stable: =net-im/pidgin-2.5.8
Target keywords: "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
ppc64 done
ppc done
Sparc stable.
Stable for HPPA.
x86 stable
amd64 stable
alpha/ia64 stable
Ready for vote. I vote YES.
Client crash, I vote NO. Just restart your client or don't use malicious ICQ servers.
MITM would be possible and could lead to a connection to an evil server, but if you can do MITM already you can use other means for DoS anyway. So, I vote NO, too. Closing.
I first read server instead of user. Doesn't matter, it's still only a client crash.
Since a GLSA has been drafted for a few other issues, this could easily be included.
GLSA 200910-02, thanks everyone.