FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libpurple -- multiple vulnerabilities

Affected packages
libpurple < 2.10.7

Details

VuXML ID 549787c1-8916-11e2-8549-68b599b52a02
Discovery 2013-02-13
Entry 2013-03-10
Modified 2013-03-16

Pidgin reports:

libpurple

Fix a crash when receiving UPnP responses with abnormally long values.

MXit

Fix two bugs where a remote MXit user could possibly specify a local file path to be written to.

Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.

Sametime

Fix a crash in Sametime when a malicious server sends us an abnormally long user ID.

References

CVE Name CVE-2013-0271
CVE Name CVE-2013-0272
CVE Name CVE-2013-0273
CVE Name CVE-2013-0274
URL https://developer.pidgin.im/wiki/ChangeLog