PublicDateAtUSN: 2013-02-16
Candidate: CVE-2013-0274
PublicDate: 2013-02-16 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274
 http://www.pidgin.im/news/security/?id=68
 https://ubuntu.com/security/notices/USN-1746-1
Description:
 upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate
 long strings in UPnP responses, which allows remote attackers to cause a
 denial of service (application crash) by leveraging access to the local
 network.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_pidgin:
 upstream: http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3
upstream_pidgin: released (2.10.6-3, 2.10.7)
hardy_pidgin: ignored (reached end-of-life)
lucid_pidgin: released (1:2.6.6-1ubuntu4.6)
oneiric_pidgin: released (1:2.10.0-0ubuntu2.2)
precise_pidgin: released (1:2.10.3-0ubuntu1.3)
quantal_pidgin: released (1:2.10.6-0ubuntu2.2)
devel_pidgin: not-affected (1:2.10.7-0ubuntu1)