PublicDateAtUSN: 2011-08-29
Candidate: CVE-2011-3184
PublicDate: 2011-08-29 17:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3184
 http://www.openwall.com/lists/oss-security/2011/08/22/12
 http://pidgin.im/news/security/?id=54
 https://ubuntu.com/security/notices/USN-1273-1
Description:
 The msn_httpconn_parse_data function in httpconn.c in the MSN protocol
 plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP
 100 responses, which allows remote attackers to cause a denial of service
 (incorrect memory access and application crash) via vectors involving a
 crafted server message.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: low
Discovered-by: Marius Wachtler
Assigned-to: mdeslaur
CVSS: 

Patches_pidgin:
 other: http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1
upstream_pidgin: released (2.10.0-1)
hardy_pidgin: ignored (reached end-of-life)
lucid_pidgin: released (1:2.6.6-1ubuntu4.4)
maverick_pidgin: released (1:2.7.3-1ubuntu3.3)
natty_pidgin: released (1:2.7.11-1ubuntu2.1)
oneiric_pidgin: not-affected (1:2.10.0-0ubuntu2)
devel_pidgin: not-affected (1:2.10.0-0ubuntu2)