Red Hat Bugzilla – Bug 565786
CVE-2010-0420 pidgin: Finch XMPP MUC Crash
Last modified: 2012-06-20 10:32:59 EDT
Pidgin 2.6.6 is fixing a remote crash bug in Finch (text-based client using libpurple). If someone changes nick to '<br>' in XMPP MUC (multi-user chat), it causes Finch to crash.
Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project for responsibly reporting this issue.
Created attachment 394492 [details]
Upstream patch to be included in 2.6.6
Additionally, following patch changes unescaping of <br> in libpurple:
Public now via:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0115 https://rhn.redhat.com/errata/RHSA-2010-0115.html
pidgin-2.6.6-1.fc12 has been submitted as an update for Fedora 12.
pidgin-2.6.6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.6.6-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.6.6-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.