Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-6483

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.

Related bugs and status

CVE-2013-6483 (Candidate) is related to these bugs:

Bug #1275113: Update to 2.10.9

Summary				In	Importance	Status
	1275113	Update to 2.10.9		pidgin (Ubuntu)	Wishlist	Fix Released

Bug #1365548: Pidgin security updates

Summary				In	Importance	Status
	1365548	Pidgin security updates		Linux Mint	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://hg.pidgin.im/pi...
CONFIRM: http://pidgin.im/news/...
DEBIAN: DSA-2859
REDHAT: RHSA-2014:0139
SUSE: openSUSE-SU-2014:0239
UBUNTU: USN-2100-1
SUSE: openSUSE-SU-2014:0326