Bug 910042 (CVE-2013-0274)
Field | Value
---|---
Summary: | CVE-2013-0274 pidgin: missing nul termination of long values in UPnP responses
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Jan Lieskovsky <jlieskov>
Assignee: | Red Hat Product Security <security-response-team>
CC: | jrb, mbarnes, security-response-team
Keywords: | Security
Fixed In Version: | pidgin 2.10.7
Doc Type: | Bug Fix
Last Closed: | 2013-03-14 16:52:55 UTC
Bug Depends On: | 910651, 910652, 910653, 910654, 910826
Bug Blocks: | 909372
Description
Jan Lieskovsky
2013-02-11 16:50:26 UTC
Created attachment 696218
Local copy of (by Pidgin upstream) proposed patch to fix the CVE-2013-0274 issue

This issue affects the versions of the pidgin package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the pidgin package, as shipped with Fedora release of 16, 17, and 18.

Created pidgin tracking bugs for this issue

Affects: fedora-all [bug 910826]

External References:

http://www.pidgin.im/news/security/?id=68

Upstream patch:

http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3

Acknowledgements:

Red Hat would like to thank the Pidgin project for reporting this issue.

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:0646 https://rhn.redhat.com/errata/RHSA-2013-0646.html