pidgin-otr security fix
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pidgin-otr (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
intrigeri has discovered a format string bug in the most recently packaged versions of pidgin-otr; I've tested the patch and built fixed packages, it's quite simple and the patch is as follows:
- --- a/otr-plugin.c
+++ b/otr-plugin.c
@@ -296,7 +296,7 @@ static void still_secure_
static void log_message_cb(void *opdata, const char *message)
{
- - purple_
+ purple_
}
static int max_message_
There are two easy ways to fix this - the first is to simply bump all pidgin-otr packages to the newest version:
Source code:
http://
gpg signature:
http://
git repository:
git:
The other is to apply the fix above.
Read more about this bug on the OTR mailing list:
http://
visibility: | private → public |
affects: | netbeans (Ubuntu) → pidgin-otr (Ubuntu) |
This is also a debian bug: bugs.debian. org/cgi- bin/bugreport. cgi?bug= 673154
http://