From $URL:

Format string security flaw in pidgin-otr

Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format string security flaw. This flaw could potentially be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine.

The flaw is in pidgin-otr, not in libotr. Other applications which use libotr are not affected.

CVE-2012-2369 has been assigned to this issue.

The recommended course of action is to upgrade pidgin-otr to version 3.2.1 immediately.
+*pidgin-otr-3.2.1 (17 May 2012) + + 17 May 2012; Lars Wendler <polynomial-c@gentoo.org> +pidgin-otr-3.2.1.ebuild: + non-maintainer commit: Security bump (bug #416263). +
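Review bot: The ChangeLog line for pidgin-otr-3.2.1.ebuild describes the change only as "Security bump (bug #416263)". Naming CVE-2012-2369 next to the bug number would let someone reading the ChangeLog on its own tell which flaw this version addresses without opening the bug.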
Thanks, Lars.

Arches, please test and mark stable:
=x11-plugins/pidgin-otr-3.2.1
Target keywords: "amd64 ppc sparc x86"
amd64 stable
x86 stable
ppc done
sparc keywords dropped
Thanks, folks. GLSA request filed.
This issue was resolved and addressed in GLSA 201207-05 at http://security.gentoo.org/glsa/glsa-201207-05.xml by GLSA coordinator Sean Amoss (ackle).