Candidate: CVE-2010-4528
PublicDate: 2011-01-07 12:00:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4528
 http://pidgin.im/news/security/?id=49
Description:
 directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in
 Pidgin before 2.7.9 allows remote authenticated users to cause a denial of
 service (NULL pointer dereference and application crash) via a short p2pv2
 packet in a DirectConnect (aka direct connection) session.
Ubuntu-Description: 
Notes: 
 mdeslaur> only affects 2.7.6-2.7.8
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_pidgin:
 upstream: http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031
upstream_pidgin: released (2.7.9)
dapper_pidgin: DNE
hardy_pidgin: not-affected (1:2.4.1-1ubuntu2.10)
karmic_pidgin: not-affected (1:2.6.2-1ubuntu7.3)
lucid_pidgin: not-affected (1:2.6.6-1ubuntu4.2)
maverick_pidgin: not-affected (1:2.7.3-1ubuntu3.2)
devel_pidgin: not-affected (1:2.7.9-1ubuntu1)