oss-sec mailing list archives
Re: Re: CVE Request (pidgin)
From: Vincent Danen <vdanen () linsec ca>
Date: Thu, 3 Jul 2008 13:21:15 -0600
* [2008-07-01 17:25:40 -0400] Steven M. Christey wrote:
======================================================
Name: CVE-2008-2956
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2956
Reference: MISC:http://crisp.cs.du.edu/?q=ca2007-1
Reference: MLIST:[oss-security] 20080627 CVE Request (pidgin)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/27/3

Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents.

======================================================
Name: CVE-2008-2957
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2957
Reference: MISC:http://crisp.cs.du.edu/?q=ca2007-1
Reference: MLIST:[oss-security] 20080627 CVE Request (pidgin)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/27/3

The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
There are patches with the original advisory for these two. Has anyone had a chance to look at them to make sure they're ok? I don't see any references to any of these issues on the pidgin website and no vendors have issued pidgin updates for these that I can see, so I'm wondering if anyone has looked at these patches (be it vendors or upstream) to determine whether or not they're sufficient and/or suitable to apply to a security update.

--
Vincent Danen @ http://linsec.ca/