Debian Security Advisory
DSA-3055-1 pidgin -- security update
- Date Reported:
- 23 Oct 2014
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698.
- More information:
Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client:
It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates.
Yves Younan and Richard Johnson discovered that emoticons with overly large length values could crash Pidgin.
Yves Younan and Richard Johnson discovered that malformed Groupwise messages could crash Pidgin.
Thijs Alkemade and Paul Aurich discovered that malformed XMPP messages could result in memory disclosure.
For the stable distribution (wheezy), these problems have been fixed in version 2.10.10-1~deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 2.10.10-1.
We recommend that you upgrade your pidgin packages.