There exists a buffer overflow in the 2.5.8 (and below) prpl. 2.5.9 and 2.6.0 Reproducible: Always Steps to Reproduce: 1. Send specially crafted SLP messages consecutively 2. Cause buffer overflow 3. Take control of system or cause crash Pidgin should be bumped to 2.5.9 and 2.6.0.
Top line of the description was meant to say "2.5.9 and 2.6.0 are immune". Apologies.
I'm about to d/l 2.6.0; how's it working for you? (given it's a zero-day, I'm always leery about "surprises" that might have gotten into the code :-) )
*** This bug has been marked as a duplicate of bug 281545 ***
(In reply to comment #2) > I'm about to d/l 2.6.0; how's it working for you? > > (given it's a zero-day, I'm always leery about "surprises" that might have > gotten into the code :-) ) > Very well, pity that MSN audio/video isn't working (though voice clips thereon are). Just need to add: farsight to USE farsight? ( media-plugins/gst-plugins-farsight >=net-libs/farsight2-0.0.9 ) $(use_enable farsight vv) \ ...and of course: :P # strip-flags # replace-flags -O? -O2
(In reply to comment #4) > ...and of course: :P > # strip-flags > # replace-flags -O? -O2 > er... I don't understand this ? Otherwise, are voice and/or video working on other protocols? TIA
Can you please discuss this via email, IRC or somehow else? We don't really need the bugmail. Thanks.