PublicDateAtUSN: 2009-09-08
Candidate: CVE-2009-3083
PublicDate: 2009-09-08 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3083
 http://pidgin.im/news/security/?id=39
 https://ubuntu.com/security/notices/USN-886-1
Description:
 The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN
 protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers
 to cause a denial of service (NULL pointer dereference and application
 crash) via an SLP invite message that lacks certain required fields, as
 demonstrated by a malformed message from a KMess client.
Ubuntu-Description:
Notes:
Bugs:
 http://developer.pidgin.im/ticket/10159
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_pidgin:
 upstream: http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd
upstream_pidgin: released (2.6.2)
dapper_pidgin: DNE
hardy_pidgin: released (1:2.4.1-1ubuntu2.8)
intrepid_pidgin: released (1:2.5.2-0ubuntu1.6)
jaunty_pidgin: released (1:2.5.5-1ubuntu8.5)
karmic_pidgin: not-affected (1:2.6.2-1ubuntu2)
devel_pidgin: not-affected (1:2.6.2-1ubuntu2)