Candidate: CVE-2012-2369
PublicDate: 2012-05-23 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2369
Description:
 Format string vulnerability in the log_message_cb function in otr-plugin.c
 in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for
 Pidgin might allow remote attackers to execute arbitrary code via format
 string specifiers in data that generates a log message.
Ubuntu-Description:
Notes:
 sbeattie> should be mitigated by -D_FORTIFY_SOURCE=2
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673154
 https://bugs.launchpad.net/ubuntu/+source/pidgin-otr/+bug/1000363
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_pidgin-otr:
 upstream: http://lists.cypherpunks.ca/pipermail/otr-announce/2012-May/000026.html
upstream_pidgin-otr: released (3.2.1)
hardy_pidgin-otr: ignored (reached end-of-life)
lucid_pidgin-otr: released (3.2.0-5ubuntu0.10.04.1)
natty_pidgin-otr: released (3.2.0-5ubuntu0.11.04.1)
oneiric_pidgin-otr: released (3.2.0-5ubuntu0.11.14.1)
precise_pidgin-otr: released (3.2.0-5ubuntu0.12.04.1)
devel_pidgin-otr: not-affected (3.2.1-1)