1
PublicDateAtUSN: 2016-06-23
2
Candidate: CVE-2016-2377
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2377
6
http://www.talosintel.com/reports/TALOS-2016-0119/
7
http://www.pidgin.im/news/security/?id=93
8
https://usn.ubuntu.com/usn/usn-3031-1
10
A buffer overflow vulnerability exists in the handling of the MXIT protocol
11
in Pidgin. Specially crafted MXIT data sent by the server could potentially
12
result in an out-of-bounds write of one byte. A malicious server can send a
13
negative content-length in response to a HTTP request triggering the
19
Discovered-by: Yves Younan
23
upstream: https://bitbucket.org/pidgin/main/commits/0f94ef13ab37
24
upstream_pidgin: released (2.11.0-1)
25
precise_pidgin: released (1:2.10.3-0ubuntu1.7)
26
trusty_pidgin: released (1:2.10.9-0ubuntu3.3)
27
vivid/stable-phone-overlay_pidgin: DNE
28
vivid/ubuntu-core_pidgin: DNE
29
wily_pidgin: released (1:2.10.11-0ubuntu4.2)
30
xenial_pidgin: released (1:2.10.12-0ubuntu5.1)
31
devel_pidgin: released (1:2.10.12-0ubuntu6)