Package: pidgin
Version: 2.4.3-4lenny2
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for pidgin.

CVE-2009-1889[0]:
| The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets
| the ICQWebMessage message type as the ICQSMS message type, which
| allows remote attackers to cause a denial of service (application
| crash) via a crafted ICQ web message that triggers allocation of a
| large amount of memory.

More info can be found in redhat bug [1].

Please coordinate with the security team to prepare updates for the stable releases.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1889
    http://security-tracker.debian.net/tracker/CVE-2009-1889
[1]