PublicDate: 2009-05-26 15:30:00 UTC
Candidate: CVE-2009-1376
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376
 https://ubuntu.com/security/notices/USN-781-2
 https://ubuntu.com/security/notices/USN-781-1
Description:
 Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/384222
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_pidgin:
 upstream: http://developer.pidgin.im/viewmtn/revision/info/9dd1c4c3db68a80dbf157a0c0bc0c723e42b7a6e
upstream_pidgin: released (2.5.6)
dapper_pidgin: DNE
feisty_pidgin: DNE
hardy_pidgin: released (1:2.4.1-1ubuntu2.4)
intrepid_pidgin: released (1:2.5.2-0ubuntu1.2)
jaunty_pidgin: released (1:2.5.5-1ubuntu8.1)
devel_pidgin: not-affected (1:2.5.6-1ubuntu1)

Patches_gaim:
upstream_gaim: released (2.5.6)
dapper_gaim: released (1:1.5.0+1.5.1cvs20051015-1ubuntu10.2)
gutsy_gaim: DNE
hardy_gaim: DNE
intrepid_gaim: DNE
jaunty_gaim: DNE
devel_gaim: DNE