CVE-2010-3711 security vulnerability in pidgin < 2.7.4
Bug #666998 reported by
elrond
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pidgin (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Hardy |
Fix Released
|
Medium
|
Unassigned | ||
Karmic |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Maverick |
Fix Released
|
Medium
|
Unassigned | ||
Natty |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: pidgin
Pidgin 2.7.4 fixes CVE-2010-3711. Description: "It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_
References:
http://
http://
visibility: | private → public |
Changed in pidgin (Ubuntu Karmic): | |
status: | New → Confirmed |
Changed in pidgin (Ubuntu Maverick): | |
status: | New → Confirmed |
Changed in pidgin (Ubuntu Natty): | |
status: | New → Confirmed |
Changed in pidgin (Ubuntu Karmic): | |
importance: | Undecided → Medium |
Changed in pidgin (Ubuntu Hardy): | |
importance: | Undecided → Medium |
Changed in pidgin (Ubuntu Lucid): | |
importance: | Undecided → Medium |
Changed in pidgin (Ubuntu Natty): | |
importance: | Undecided → Medium |
Changed in pidgin (Ubuntu Maverick): | |
importance: | Undecided → Medium |
Changed in pidgin (Ubuntu Lucid): | |
status: | New → Confirmed |
Changed in pidgin (Ubuntu Hardy): | |
status: | New → Confirmed |
Changed in pidgin (Ubuntu Natty): | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package pidgin - 1:2.7.3-1ubuntu3.1
--------------- 3-1ubuntu3. 1) maverick-security; urgency=low
pidgin (1:2.7.
* SECURITY UPDATE: denial of service via base64 decoding (LP: #666998) patches/ 61_CVE- 2010-3711. patch: correctly handle base64_ decode return codes in libpurple/ntlm.c, /plugins/ perl/common/ Util.xs, /protocols/ {jabber/ auth_digest_ md5.c,msn/ slp.c, message. c,oscar/ clientlogin. c,qq/im. c,yahoo/ libymsg. c}.
- debian/
purple_
libpurple
libpurple
myspace/
- CVE-2010-3711
-- Marc Deslauriers <email address hidden> Tue, 02 Nov 2010 17:17:40 -0400