Source: pidgin
Version: 2.6.4-1
Severity: grave
Tags: security

Hi,
A vulnerability has been discovered in Pidgin. Here's the description from Secunia's SA37953 advisory:

> Fabian Yamaguchi has discovered a vulnerability in Pidgin, which can be
> exploited by malicious people to disclose sensitive information.
>
> The vulnerability is caused due to an error in the implementation of the
> custom smileys feature for MSN. This can be exploited to disclose the
> content of arbitrary files via an MSN emoticon request containing directory
> traversal sequences.
>
> Successful exploitation may require that at least one custom smiley is
> defined.
>
> The vulnerability is confirmed in version 2.6.4. Other versions may also be
> affected.

If you fix this vulnerability please include the CVE id when one is assigned.

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net