pidgin: multiple DoS flaws fixed
Various remote triggerable crashes in pidgin were fixed.
CVE-2012-1178: In some situations the MSN server sends text that isn't UTF-8 encoded, and Pidgin fails to verify the text's encoding. In some cases this can lead to a crash when attempting to display the text ().
CVE-2012-1178/CVE-2012-2318: Incoming messages with certain characters or character encodings can cause clients to crash.
CVE-2012-2214: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests.
-
Submitted by
Matthias Weckbecker (mweckbecker)
Fixed bugs
bnc#761155
VUL-0: CVE-2012-2318: pidgin: remote crash via specially-crafted MSN notification message
bnc#752275
VUL-0: pidgin: MSN remote crash
bnc#760890
VUL-0: pidgin: remotely triggerable crash
bnc#752274
VUL-0: pidgin: XMPP remote crash
