pidgin: security update to version 2.10.1

pidgin was updated to version 2.10.1
+ AIM and ICQ:
  - Fix remotely-triggerable crashes by validating strings in a
    few messages related to buddy list management (bnc#736147,
    CVE-2011-4601).
+ Bonjour:
  - IPv6 fixes
+ Gadu-Gadu:
  - Fix problems linking against GnuTLS.
+ IRC:
  - Fix a memory leak when admitting UTF-8 text with a non-UTF-8
    primary encoding.
+ Jabber:
  - Fix crashes and memory leaks when receiving malformed voice
    and video requests.
+ Sametime:
  - Separate "username" and "server" when adding new Sametime
    accounts.
  - Fix compilation in Visual C++.
+ SILC:
  - Fix CVE-2011-3594, by UTF-8 validating incoming messages
    before passing them to glib or libpurple.
+ Yahoo!:
  - Fetch buddy icons in some cases where we previously weren't.

Fixed bugs
CVE-2011-3594
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of inv
CVE-2011-4601
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2)
bnc#736147
VUL-0: pidgin crash in oscar protocol
bnc#722199
VUL-0: libpurple vulnerability in SILC protocol handling