Candidate: CVE-2010-2528
PublicDate: 2010-07-30 13:26:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2528
 http://pidgin.im/news/security/?id=47
Description:
 The clientautoresp function in family_icbm.c in the oscar protocol plugin
 in libpurple in Pidgin before 2.7.2 allows remote authenticated users to
 cause a denial of service (NULL pointer dereference and application crash)
 via an X-Status message that lacks the expected end tag for a (1) desc or
 (2) title element.
Ubuntu-Description:
Notes:
 mdeslaur> 2.7.x only, code isn't present in earlier versions
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_pidgin:
 upstream: http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0
upstream_pidgin: released (2.7.2)
dapper_pidgin: DNE
hardy_pidgin: not-affected (1:2.4.1-1ubuntu2.9)
jaunty_pidgin: ignored (reached end-of-life)
karmic_pidgin: not-affected (1:2.6.2-1ubuntu7.2)
lucid_pidgin: not-affected (1:2.6.6-1ubuntu4)
maverick_pidgin: not-affected
devel_pidgin: not-affected