1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
PublicDateAtUSN: 2011-03-14
Candidate: CVE-2011-1091
PublicDate: 2011-03-14
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1091
http://pidgin.im/news/security/?id=51
http://www.ubuntu.com/usn/usn-1273-1
Description:
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0
through 2.7.10 allows (1) remote authenticated users to cause a denial of
service (NULL pointer dereference and application crash) via a malformed
YMSG notification packet, and allows (2) remote Yahoo! servers to cause a
denial of service (NULL pointer dereference and application crash) via a
malformed YMSG SMS message.
Ubuntu-Description:
Notes:
mdeslaur> just a DoS
Bugs:
Priority: low
Discovered-by: Marius Wachtler
Assigned-to: mdeslaur
Patches_pidgin:
upstream: http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7
vendor: https://rhn.redhat.com/errata/RHSA-2011-1371.html
upstream_pidgin: released (2.7.11)
dapper_pidgin: DNE
hardy_pidgin: ignored (reached end-of-life)
karmic_pidgin: ignored (reached end-of-life)
lucid_pidgin: released (1:2.6.6-1ubuntu4.4)
maverick_pidgin: released (1:2.7.3-1ubuntu3.3)
natty_pidgin: released (1:2.7.11-1ubuntu1)
oneiric_pidgin: released (1:2.7.11-1ubuntu1)
devel_pidgin: released (1:2.7.11-1ubuntu1)
|