Comment 9 for bug 501089

This bug was fixed in the package pidgin - 1:2.6.2-1ubuntu7.1

---------------
pidgin (1:2.6.2-1ubuntu7.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/63_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: directory traversal via custom smiley request
    (LP: #501089)
    - debian/patches/64_security_CVE-2010-0013.patch: ignore request for
      smileys that don't exist in the image store in
      libpurple/protocols/msn/slp.c.
    - CVE-2010-0013
 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2010 11:22:13 -0500