[Bug 1000363] [NEW] CVE-2012-2369: Format string security vulnerability

[Felix Geyer]

*** This bug is a security vulnerability ***

Public security bug reported:

the following CVE (Common Vulnerabilities & Exposures) id was
published for pidgin-otr.

CVE-2012-2369[0]:
| Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format
| string security flaw.  This flaw could potentially be exploited by
| a remote attacker to cause arbitrary code to be executed on the user's
| machine.

** Affects: pidgin-otr (Ubuntu)
     Importance: High
         Status: New

** Affects: pidgin-otr (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: pidgin-otr (Ubuntu Natty)
     Importance: Undecided
         Status: New

** Affects: pidgin-otr (Ubuntu Oneiric)
     Importance: Undecided
         Status: New

** Affects: pidgin-otr (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: pidgin-otr (Ubuntu Quantal)
     Importance: High
         Status: New

** Affects: pidgin-otr (Debian)
     Importance: Unknown
         Status: Unknown

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2369

** Visibility changed to: Public

** Also affects: pidgin-otr (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: pidgin-otr (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: pidgin-otr (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: pidgin-otr (Ubuntu Quantal)
   Importance: High
       Status: New

** Also affects: pidgin-otr (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Bug watch added: Debian Bug tracker #673154
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673154

** Also affects: pidgin-otr (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673154
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1000363

Title:
  CVE-2012-2369: Format string security vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pidgin-otr/+bug/1000363/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs