Red Hat Bugzilla – Bug 910041
CVE-2013-0273 pidgin: Meanwhile protocol missing nul termination of long Lotus Sametime usernames
Last modified: 2014-09-13 15:00:14 EDT
A security flaw was found in the way the Lotus Sametime support in the Meanwhile protocol plug-in of libPurple normalized overly long Sametime user names. A rogue server could send a specially crafted Sametime user name that, when processed by Pidgin, would lead to a crash of the pidgin executable.
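The bug class described above, as an added example that is not libPurple's code or the upstream patch: a fixed-size name buffer filled with `strncpy()` is left without a terminating NUL when the input is too long, next to a copy that always terminates. The function names, `NAME_BUF` and the sample user name are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16 /* hypothetical buffer size, chosen for the demo */

/* Flawed pattern: strncpy() writes exactly n bytes and adds no NUL
 * when strlen(src) >= n, so later string functions read past dst. */
static void normalize_unterminated(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
}

/* Hardened pattern: copy at most n-1 bytes and always terminate.
 * Returns 1 if the name was truncated, 0 if it fit. */
static int normalize_terminated(char *dst, size_t n, const char *src)
{
    size_t len;

    if (n == 0)
        return 1; /* no room for even the terminator */
    len = strlen(src);
    if (len >= n) {
        memcpy(dst, src, n - 1);
        dst[n - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1); /* includes the terminator */
    return 0;
}

/* Bounded check for tests and review: never reads past n bytes. */
static int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

int main(void)
{
    /* Constructed sample input, longer than NAME_BUF. */
    const char *name = "constructed-overlong-sametime-user@example.invalid";
    char a[NAME_BUF], b[NAME_BUF];
    int truncated;

    normalize_unterminated(a, sizeof a, name);
    truncated = normalize_terminated(b, sizeof b, name);
    printf("strncpy copy terminated: %d\n", is_terminated(a, sizeof a));
    printf("bounded copy terminated: %d (truncated: %d)\n",
           is_terminated(b, sizeof b), truncated);
    return 0;
}
```

The truncation return value lets a caller reject an overlong name instead of silently using a shortened one.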
Created attachment 696217
Local copy of the patch proposed by Pidgin upstream to fix the CVE-2013-0273 issue
This issue affects the versions of the pidgin package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of the pidgin package, as shipped with Fedora releases 16, 17, and 18.
Created pidgin tracking bugs for this issue
Affects: fedora-all [bug 910826]
Red Hat would like to thank the Pidgin project for reporting this issue.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2013:0646 https://rhn.redhat.com/errata/RHSA-2013-0646.html