[v2.4] pidgin: multiple vulnerabilies
New version of pidgin has been released recently that fixes multiple security issues. Upgrade from version 2.10.7 is necessary for all the Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pidgin.im/
(from redmine: issue id 2678, created on 2014-02-06, closed on 2014-03-03)
- Relations:
- parent #2677 (closed)
- Changesets:
- Revision 6c587ad3 by Natanael Copa on 2014-03-03T11:22:54Z:
main/pidgin: security upgrade to 2.10.9 (various CVEs)
fixes #2678
CVE-2014-0020 Remotely triggerable crash in IRC argument parsing
CVE-2013-6490 Buffer overflow in SIMPLE header parsing
CVE-2013-6489 Buffer overflow in MXit emoticon parsing
CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6486 Pidgin uses clickable links to untrusted executables
CVE-2013-6485 Buffer overflow parsing chunked HTTP responses
CVE-2013-6484 Crash reading response from STUN server
CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies
CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN
CVE-2013-6482 NULL pointer dereference parsing headers in MSN
CVE-2013-6481 Remote crash reading Yahoo! P2P message
CVE-2013-6479 Remote crash parsing HTTP responses
CVE-2013-6478 Crash when hovering pointer over a long URL
CVE-2013-6477 Crash handling bad XMPP timestamp
CVE-2012-6152 Yahoo! remote crash from incorrect character encoding