Bug#664030: [CVE-2012-1178] pidgin: Possible MSN remote crash

2012-03-18 Thread Ari Pollak
FYI this is the patch that would have to be backported: http://developer.pidgin.im/viewmtn/revision/info/18f2f94b625542348af0049e0132a83a1c58aef6 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#664030: [CVE-2012-1178] pidgin: Possible MSN remote crash

2012-03-18 Thread Jonathan Wiltshire
Dear maintainer, Recently you fixed one or more security problems and as a result you closed this bug. These problems were not serious enough for a Debian Security Advisory, so they are now on my radar for fixing in the following suites through point releases: squeeze (6.0.5) - use

Bug#664030: [CVE-2012-1178] pidgin: Possible MSN remote crash

2012-03-14 Thread Luciano Bello
Package: pidgin Severity: grave Tags: security patch The following vulnerability had been reported against pidgin: http://pidgin.im/news/security/?id=61 The patch can be found in the report. Please use CVE-2012-1178 for this issue. Can you check if stable is also affected? Cheers, luciano

Bug#664030: [CVE-2012-1178] pidgin: Possible MSN remote crash

2012-03-14 Thread Ari Pollak
It does appear that squeeze's libpurple0 is affected by this, though the patch doesn't apply cleanly. Technically, the possible crash is in the client code, and I don't think pidgin or finch exhibit this behavior; the original bug was against Adium for OS X, based on libpurple. I don't think