mailing list archives
CVE request: Pidgin crash
From: Mark Doliner <mark () kingant net>
Date: Fri, 9 Dec 2011 18:08:19 -0800
Hi! Would it be possible to issue a CVE for a newish crash in Pidgin?
This is a remotely-triggerable crash in the oscar protocol (used by
the AIM and ICQ plugins) when handling incoming buddy list-related
SNACs. I do not believe remote-code execution is possible. It was
discovered by Evgeny Boger and reported on our public issue tracker at
http://developer.pidgin.im/ticket/14682 I do not believe a CVE exists
for this yet.
The Pidgin project will be releasing version 2.10.1 tomorrow and it
will include a fix for this issue.
Thanks (and sorry for sending this at the beginning of your weekends!),
- CVE request: Pidgin crash Mark Doliner (Dec 10)