Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 31 Dec 2010 12:54:48 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        John Bailey <rekkanoryo@...kanoryo.org>,
        Stu Tomlinson <stu@...nilmot.com>, Matthew Barnes <mbarnes@...hat.com>
Subject: Re: CVE Request -- Pidgin v2.7.6 <= x <= v2.7.8 --
 MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a
 short P2P message

On 12/27/2010 07:09 PM, Jan Lieskovsky wrote:
> Hello Josh, Steve, vendors,
> 
>   Pidgin upstream has released the latest v2.7.9 version:
>   [1] http://pidgin.im/pipermail/support/2010-December/009251.html
> 
>   addressing one security flaw in the MSN protocol:
>   [2] http://pidgin.im/news/security/?id=49
> 
>   Upstream changeset:
>   [3]
> http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031
> 

This has been assigned CVE-2010-4528

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ