Comment 2 for bug 666998

This bug was fixed in the package pidgin - 1:2.6.6-1ubuntu4.1

---------------
pidgin (1:2.6.6-1ubuntu4.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/93_CVE-2010-1624.patch: make sure body is valid in
      libpurple/protocols/msn/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/94_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/plugins/perl/common/Util.xs,
      libpurple/protocols/{jabber/auth_digest_md5.c,msn/slp.c,
      myspace/message.c,oscar/clientlogin.c,qq/im.c,yahoo/libymsg.c}.
    - CVE-2010-3711
 -- Marc Deslauriers <email address hidden> Wed, 03 Nov 2010 08:51:08 -0400