update for pidgin
Remote users could crash pidgin via ICQ, SILC, XMPP and Yahoo protocols
Fixed bugs
bnc#736147
VUL-0: pidgin crash in oscar protocol
bnc#736189
VUL-1: CVE-2011-1091: pidgin: multiple NULL pointer dereference flaws in Yahoo protocol plug-in
bnc#736161
VUL-0: CVE-2011-4603: pidgin: SILC remote crash on channel messages
bnc#736162
VUL-1: CVE-2011-4602: pidgin: Multiple NULL pointer deference flaws by processing certain Jingle stanzas in the XMPP protocol plug-in
CVE-CVE-2011-4601
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2)
CVE-CVE-2011-4603
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via
CVE-CVE-2011-1091
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2
CVE-CVE-2011-4602
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
