Home page logo

oss-sec logo oss-sec mailing list archives

CVE request: Pidgin crash
From: Mark Doliner <mark () kingant net>
Date: Fri, 9 Dec 2011 18:08:19 -0800

Hi!  Would it be possible to issue a CVE for a newish crash in Pidgin?
 This is a remotely-triggerable crash in the oscar protocol (used by
the AIM and ICQ plugins) when handling incoming buddy list-related
SNACs.  I do not believe remote-code execution is possible.  It was
discovered by Evgeny Boger and reported on our public issue tracker at
http://developer.pidgin.im/ticket/14682  I do not believe a CVE exists
for this yet.

The Pidgin project will be releasing version 2.10.1 tomorrow and it
will include a fix for this issue.

Thanks (and sorry for sending this at the beginning of your weekends!),

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]