slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different issue than CVE-2010-0013. Reference: URL:http://www.openwall.com/lists/oss-security/2010/01/07/2 Reference: MISC:http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://pidgin.im/news/security/?id=43
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0115 https://rhn.redhat.com/errata/RHSA-2010-0115.html
pidgin-2.6.6-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/pidgin-2.6.6-1.fc12
This is not an issue for pidgin in Red Hat Enterprise Linux 3 due to the MSN protocol support in that version (1.5.1) is out-dated and no longer supported by MSN servers. We do not have any plans to backport MSN protocol changes to that version of Pidgin.
pidgin-2.6.6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.6.6-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.6.6-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.