1
PublicDateAtUSN: 2014-10-23
2
Candidate: CVE-2014-3698
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3698
6
http://www.pidgin.im/news/security/?id=90
7
https://usn.ubuntu.com/usn/usn-2390-1
9
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin
10
in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain
11
sensitive information from process memory via a crafted XMPP message.
16
Discovered-by: Thijs Alkemade and Paul Aurich
20
upstream: https://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc
21
upstream_pidgin: released (2.10.10-1)
22
lucid_pidgin: ignored (reached end-of-life)
23
precise_pidgin: released (1:2.10.3-0ubuntu1.6)
24
trusty_pidgin: released (1:2.10.9-0ubuntu3.2)
25
utopic_pidgin: released (1:2.10.9-0ubuntu7.1)
26
devel_pidgin: released (1:2.10.9-0ubuntu8)