PublicDate: 2008-07-01 22:41:00 UTC
Candidate: CVE-2008-2957
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2957
 https://ubuntu.com/security/notices/USN-675-1
Description:
 The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows
 remote attackers to trigger the download of arbitrary files and cause a
 denial of service (memory or disk consumption) via a UDP packet that
 specifies an arbitrary URL.
Ubuntu-Description:
Notes:
 mdeslaur> UPnP is not in Dapper, no not affected
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_pidgin:
 upstream: http://developer.pidgin.im/viewmtn/revision/info/434563a4b8fadb9593c241db4bb5ffd0bf2c0627
upstream_pidgin: released (2.4.3-4)
dapper_pidgin: DNE
feisty_pidgin: DNE
gutsy_pidgin: released (1:2.2.1-1ubuntu4.3)
hardy_pidgin: released (1:2.4.1-1ubuntu2.2)
intrepid_pidgin: not-affected (1:2.5.2-0ubuntu1)
devel_pidgin: not-affected (1:2.5.2-0ubuntu1)

Patches_gaim:
upstream_gaim: released (2.4.3-4)
dapper_gaim: not-affected (1:1.5.0+1.5.1cvs20051015-1ubuntu10)
feisty_gaim: needs-triage (reached end-of-life)
gutsy_gaim: DNE
hardy_gaim: DNE
intrepid_gaim: DNE
devel_gaim: DNE