PublicDateAtUSN: 2016-06-23
Candidate: CVE-2016-2368
PublicDate: 2017-01-06 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2368
 http://www.talosintel.com/reports/TALOS-2016-0136/
 http://www.pidgin.im/news/security/?id=101
 https://ubuntu.com/security/notices/USN-3031-1
Description:
 Multiple memory corruption vulnerabilities exist in the handling of the
 MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server
 could result in multiple buffer overflows, potentially resulting in code
 execution or memory disclosure.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Yves Younan
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_pidgin:
 upstream: https://bitbucket.org/pidgin/main/commits/f6efc254e947
 upstream: https://bitbucket.org/pidgin/main/commits/60f95045db42
upstream_pidgin: released (2.11.0-1)
precise_pidgin: released (1:2.10.3-0ubuntu1.7)
trusty_pidgin: released (1:2.10.9-0ubuntu3.3)
trusty/esm_pidgin: released (1:2.10.9-0ubuntu3.3)
vivid/stable-phone-overlay_pidgin: DNE
vivid/ubuntu-core_pidgin: DNE
wily_pidgin: released (1:2.10.11-0ubuntu4.2)
xenial_pidgin: released (1:2.10.12-0ubuntu5.1)
devel_pidgin: released (1:2.10.12-0ubuntu6)