Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 197580 (CVE-2007-4999) - net-im/pidgin HTML logging remote DoS (CVE-2007-4999)
Summary: net-im/pidgin HTML logging remote DoS (CVE-2007-4999)
Status: RESOLVED DUPLICATE of bug 197006
Alias: CVE-2007-4999
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor
Assignee: Gentoo Security
URL: http://www.pidgin.im/news/security/?i...
Whiteboard: B3 [stable?]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-31 01:30 UTC by Robert Buchholz (RETIRED)
Modified: 2007-10-31 01:54 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-10-31 01:30:20 UTC 
CVE-2007-4999 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4999):
  libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows
  remote attackers to cause a denial of service (NULL dereference and
  application crash) via a message that contains invalid HTML data, a different
  vector than CVE-2007-4996.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-10-31 01:32:37 UTC 
Low impact. Net-Im, if you want this to go stable, please say so.
Comment 2 Olivier Crete (RETIRED) gentoo-dev 2007-10-31 01:45:49 UTC 
This seems very much like a duplicate of #197006.. And one of you said it wasn't security... so its gonna wait one month... unless someone comes with a convincing reason to expedite it.

*** This bug has been marked as a duplicate of bug 197006 ***
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-10-31 01:54:30 UTC 
... right, where's my mind? :-)