Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#48537 - [pidgin-otr] CVE-2015-8833: Security issue in pidgin-otr < 4.0.2
Attached to Project:
Community Packages
Opened by Remi Gacogne (rgacogne) - Friday, 11 March 2016, 11:39 GMT
Last edited by Lukas Fleischer (lfleischer) - Saturday, 12 March 2016, 14:28 GMT
Details

Hi,

pidgin-otr 4.0.2 has been released[1], fixing a security issue (heap-based use-after-free)[2] in Socialist Millionaire Protocol (SMP) handling that might lead to remote code execution:

[1]: https://lists.cypherpunks.ca/pipermail/otr-announce/2016-March/000063.html
[2]: https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
Closed by Lukas Fleischer (lfleischer)
Saturday, 12 March 2016, 14:28 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 4.0.2-1.