Pidgin 2.6.6 is fixing a remote crash bug in Finch (text-based client using libpurple). If someone changes nick to '<br>' in XMPP MUC (multi-user chat), it causes Finch to crash. Acknowledgements: Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project for responsibly reporting this issue.
Created attachment 394492 [details] Upstream patch to be included in 2.6.6 Additionally, following patch changes unescaping of <br> in libpurple: http://developer.pidgin.im/viewmtn/revision/info/0085c32abf29d034d30feef1ffb1d483e316a9a8 http://developer.pidgin.im/ticket/11318
Public now via: http://pidgin.im/news/security/
http://pidgin.im/news/security/?id=44
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0115 https://rhn.redhat.com/errata/RHSA-2010-0115.html
pidgin-2.6.6-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/pidgin-2.6.6-1.fc12
pidgin-2.6.6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.6.6-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.6.6-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.