Format string security flaw in pidgin-otr
Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format
string security flaw. This flaw could potentially be exploited by
a remote attacker to cause arbitrary code to be executed on the user's
The flaw is in pidgin-otr, not in libotr. Other applications which use
libotr are not affected.
CVE-2012-2369 has been assigned to this issue.
The recommended course of action is to upgrade pidgin-otr to version
+*pidgin-otr-3.2.1 (17 May 2012)
+ 17 May 2012; Lars Wendler <firstname.lastname@example.org> +pidgin-otr-3.2.1.ebuild:
+ non-maintainer commit: Security bump (bug #416263).
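Review bot: the "Security bump" line of this ChangeLog entry identifies the fix only by bug #416263. Adding CVE-2012-2369 next to the bug number would let anyone auditing the tree by CVE identifier find this bump without going through the bug tracker.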
Arches, please test and mark stable:
Target keywords : "amd64 ppc sparc x86"
sparc keywords dropped
Thanks, folks. GLSA request filed.
This issue was resolved and addressed in
GLSA 201207-05 at http://security.gentoo.org/glsa/glsa-201207-05.xml
by GLSA coordinator Sean Amoss (ackle).