After the source:
Incorrect handling of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code.
Reproducible: Didn't try
+*pidgin-2.10.5 (06 Jul 2012)
+ 06 Jul 2012; Lars Wendler <email@example.com> +pidgin-2.10.5.ebuild:
+ Security bump (bug #425076).
2.10.6 fixes a bug which was introduced with 2.10.5
+*pidgin-2.10.6 (09 Jul 2012)
+ 09 Jul 2012; Lars Wendler <firstname.lastname@example.org> -pidgin-2.10.5.ebuild,
+ non-maintainer commit: Version bump. Removed "old".
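Review bot: The 2.10.6 entry reads only `Version bump. Removed "old".` and gives no bug reference, while the same commit removes pidgin-2.10.5.ebuild, the ebuild whose entry carried "Security bump (bug #425076)". Since 2.10.6 is now the version that delivers the fix, its ChangeLog line should cite bug #425076 as well, so the security relevance is still visible once the 2.10.5 ebuild is gone.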
Thanks for the report, Andrzej.
@net-im, may we proceed to stabilize =net-im/pidgin-2.10.6 ?
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in
Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a
crafted inline image in a message.
Will it be stabilized anytime soon?
x86 stable, thanks.
Stable for HPPA.
ppc64 stable, last arch done
Filing a new GLSA request.
This issue was resolved and addressed in
GLSA 201209-17 at http://security.gentoo.org/glsa/glsa-201209-17.xml
by GLSA coordinator Sean Amoss (ackle).