FS#15990 : [pidgin] MSN overflow parsing SLP messages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#15990 - [pidgin] MSN overflow parsing SLP messages

Attached to Project: Arch Linux
Opened by ricsch (ricsch) - Wednesday, 19 August 2009, 13:47 GMT
Last edited by Jan de Groot (JGC) - Friday, 04 September 2009, 20:15 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
http://www.pidgin.im/news/security/?id=34
http://www.coresecurity.com/content/libpurple-arbitrary-write

Additional info:
* package version(s):
versions <2.5.9 are affected

Please update to version 2.6.1 immediately to fix the security hole.

This task depends upon

Closed by Jan de Groot (JGC)
Friday, 04 September 2009, 20:15 GMT
Reason for closing: Fixed
Additional comments about closing: Pidgin is updated.

Comments (2)
Related Tasks (0/0)

Comment by Thomas Dziedzic (tomd123) - Wednesday, 19 August 2009, 13:55 GMT

http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

READ THIS!

FTA: "Reasons for not being a bug ... # A package which is not-up-to-date. Use the Flag Package Out-of-Date feature on Arch's packages website."

Comment by ricsch (ricsch) - Wednesday, 19 August 2009, 14:01 GMT

It's already flagged out-of-date. But normally the maintainer needs quite a lot time to push a new package to the repo. This report should show the urgency.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Arch Linux

FS#15990 - [pidgin] MSN overflow parsing SLP messages

Details

Loading...