PublicDate: 2008-07-01 22:41:00 UTC
Candidate: CVE-2008-2955
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2955
 http://developer.pidgin.im/ticket/6246
 https://ubuntu.com/security/notices/USN-675-1
Description:
 Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash)
 via a long filename that contains certain characters, as demonstrated using
 an MSN message that triggers the crash in the msn_slplink_process_msg
 function.
Ubuntu-Description:
Notes:
 mdeslaur> Code in Dapper doesn't look vulnerable
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_pidgin:
 upstream: http://developer.pidgin.im/viewmtn/revision/info/3008474548ddd234f222ed5a0be3066e2ea0da0b
upstream_pidgin: released (2.5.0)
dapper_pidgin: DNE
feisty_pidgin: DNE
gutsy_pidgin: released (1:2.2.1-1ubuntu4.3)
hardy_pidgin: released (1:2.4.1-1ubuntu2.2)
intrepid_pidgin: not-affected (1:2.5.2-0ubuntu1)
devel_pidgin: not-affected (1:2.5.2-0ubuntu1)

Patches_gaim:
upstream_gaim: released (2.5.0)
dapper_gaim: not-affected (1:1.5.0+1.5.1cvs20051015-1ubuntu10)
feisty_gaim: needs-triage (reached end-of-life)
gutsy_gaim: DNE
hardy_gaim: DNE
intrepid_gaim: DNE
devel_gaim: DNE