Package: pidgin
Version: 2.7.3-1+squeeze2
Severity: important
Tags: security, confirmed, fixed-upstream

Pidgin 2.7.3-1+squeeze1 (at least) is affected by a security vulnerability, which allows remote attackers to execute arbitrary code via a crafted inline image in a message.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3374

Pidgin security advisory: http://www.pidgin.im/news/security/index.php?id=64
Changes: http://hg.pidgin.im/pidgin/main/rev/ded93865ef42

This should be fixed as soon as possible.

- Henri Salo

-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.1 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pidgin depends on:
ii  gconf2              2.28.1-6               GNOME configuration database syste
ii  libatk1.0-0         1.30.0-1               The ATK accessibility toolkit
ii  libc6               2.11.3-3               Embedded GNU C Library: Shared lib
ii  libcairo2           1.8.10-6               The Cairo 2D vector graphics libra
ii  libdbus-1-3         1.2.24-4+squeeze1      simple interprocess messaging syst
ii  libdbus-glib-1-2    0.88-2.1               simple interprocess messaging syst
ii  libfontconfig1      2.8.0-2.1              generic font configuration library
ii  libfreetype6        2.4.2-2.1+squeeze4     FreeType 2 font engine, shared lib
ii  libglib2.0-0        2.24.2-1               The GLib library of C routines
ii  libgstreamer0.10-0  0.10.30-1              Core GStreamer libraries and eleme
ii  libgtk2.0-0         2.20.1-2               The GTK+ graphical user interface
pn  libgtkspell0        <none>                 (no description available)
ii  libice6             2:1.0.6-2              X11 Inter-Client Exchange library
ii  libpango1.0-0       1.28.3-1+squeeze2      Layout and rendering of internatio
pn  libpurple0          <none>                 (no description available)
ii  libsm6              2:1.1.1-1              X11 Session Management library
ii  libstartup-notific  0.10-1                 library for program launch feedbac
ii  libx11-6            2:1.3.3-4              X11 client-side library
ii  libxml2             2.7.8.dfsg-2+squeeze4  GNOME XML library
ii  libxss1             1:1.2.0-2              X11 Screen Saver extension library
ii  perl                5.10.1-17squeeze3      Larry Wall's Practical Extraction
ii  perl-base [perlapi  5.10.1-17squeeze3      minimal Perl system
pn  pidgin-data         <none>                 (no description available)

Versions of packages pidgin recommends:
ii  gstreamer0.10-plugins-base  0.10.30-1      GStreamer plugins from the "base"
ii  gstreamer0.10-plugins-good  0.10.24-1      GStreamer plugins from the "good"

Versions of packages pidgin suggests:
pn  evolution-data-server         <none>       (no description available)
pn  gnome-panel | kdebase-workspa <none>       (no description available)
ii  libsqlite3-0                  3.7.3-1      SQLite 3 shared library