reopen 488632
severity 488632 normal
thanks

While I do agree that the remaining issues (CVE-2008-2957, CVE-2008-2956) are not RC bugs, I still believe they should be addressed. Thus, I reopened the bug and lowered the severity to normal.
From what I've read, only people in the buddy list can trigger the arbitrary file download (CVE-2008-2957), and until now it is not clear what happens to the file once it is downloaded. Therefore, it is only a bandwidth issue. The other issue (CVE-2008-2956) can only be exploited when the client is connecting to a server that either does not check for malformed XML or sends them. Therefore, it could (under certain circumstances) be used to perform a DoS.

Now, we are still talking about a messaging client after all, and thus the issues are not severe. Nonetheless, it would be interesting to find out what happens to an arbitrary file once it is downloaded.

Cheers
Steffen

P.S. Did you check the proposed patches[0][1] yet?

[0]: http://crisp.cs.du.edu/crisp-files/pidgin-2.0.0-upnp-limit-download.diff
[1]: http://crisp.cs.du.edu/crisp-files/pidgin-2.0.0-xmlnode-pool-leak.diff