PublicDateAtUSN: 2014-02-03
Candidate: CVE-2013-6487
PublicDate: 2014-02-06 17:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
 https://ubuntu.com/security/notices/USN-2100-1
 https://ubuntu.com/security/notices/USN-2101-1
Description:
 Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg)
 parser in Pidgin before 2.10.8 allows remote attackers to have an
 unspecified impact via a large Content-Length value, which triggers a
 buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Yves Younan and Ryan Pentney
Assigned-to: mdeslaur
CVSS: 

Patches_pidgin:
 upstream: http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0
upstream_pidgin: released (2.10.8-1)
lucid_pidgin: ignored (reached end-of-life)
precise_pidgin: released (1:2.10.3-0ubuntu1.4)
quantal_pidgin: released (1:2.10.6-0ubuntu2.3)
saucy_pidgin: released (1:2.10.7-0ubuntu4.1.13.10.1)
devel_pidgin: released (1:2.10.9-0ubuntu1)

Patches_libgadu:
upstream_libgadu: released (1:1.11.3-1)
lucid_libgadu: ignored (reached end-of-life)
precise_libgadu: released (1:1.11.1-1ubuntu0.1)
quantal_libgadu: released (1:1.11.2-1ubuntu0.12.10.1)
saucy_libgadu: released (1:1.11.2-1ubuntu1.1)
devel_libgadu: not-affected (1:1.11.3-1)