Ubuntu
pidgin package

  1. Bug #158400
  2. Comment #7

Comment 7 for bug 158400

Revision history for this message
Stephan RĂ¼gamer (sruegamer) wrote :

pidgin (1:2.2.1-1ubuntu4.1) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #158400)
    + CVE-2007-4999: libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML
      logging, allows remote attackers to cause a denial of service (NULL
      dereference and application crash) via a message that contains invalid HTML
      data, a different vector than CVE-2007-4996.
  * debian/patches/99_CVE-2007-4999.patch:
    - Applied patch by upstream
    - Link: http://developer.pidgin.im/viewmtn/revision/diff/0810c68ce97a8213a5edbf5ffe7c1418915d3dfe/with/aff089bc73ecc6fe8ebbeac670db8be13511fcf4
  * References:
    CVE-2007-4999
    http://developer.pidgin.im/ticket/3436

 -- Stephan Hermann <email address hidden> Mon, 26 Nov 2007 16:32:57 +0100