CVE-2010-0420

Published: 18 February 2010

libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.

Priority

Status

Package	Release	Status
pidgin Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Released (1:2.4.1-1ubuntu2.9)
	intrepid	Released (1:2.5.2-0ubuntu1.7)
	jaunty	Released (1:2.5.5-1ubuntu8.6)
	karmic	Released (1:2.6.2-1ubuntu7.2)
	upstream	Released (2.6.6)
	Patches: upstream: http://developer.pidgin.im/viewmtn/revision/info/0085c32abf29d034d30feef1ffb1d483e316a9a8 upstream: http://developer.pidgin.im/viewmtn/revision/info/ab4716ed6857f669ceb0296e5480729aafba2e9f

References

Bugs

http://developer.pidgin.im/ticket/11318

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›