Bug#572946: qutecom: multiple vulnerabilities
michael.s.gilbert at gmail.com
Sun Mar 7 19:43:13 UTC 2010
The following CVE (Common Vulnerabilities & Exposures) ids were
published for pidgin. Since qutecom embeds libpurple, it may also be
affected. I have not checked this myself, so please do so, and close
the bug if you find the package to be not affected.
| gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a
| denial of service (CPU consumption and application hang) by sending
| many smileys in a (1) IM or (2) chat.

| libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user
| chat (MUC) room is used, does not properly parse nicknames containing
| <br> sequences, which allows remote attackers to cause a denial of
| service (application crash) via a crafted nickname.

| slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6,
| including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a
| denial of service (memory corruption and application crash) or
| possibly have unspecified other impact via a malformed MSNSLP INVITE
| request in an SLP message, a different issue than CVE-2010-0013.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see: