A security flaw was found in the way the Lotus Sametime support implementation of the Meanwhile protocol plug-in of libPurple normalized overly long Sametime user names. A rogue server could send a specially-crafted Sametime user name that, when processed by Pidgin, would lead to a pidgin executable crash.

Upstream ticket:
[1] http://pidgin.im/news/security/?id=67
Created attachment 696217
Local copy of the patch proposed by Pidgin upstream to fix the CVE-2013-0273 issue
This issue affects the versions of the pidgin package as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the versions of the pidgin package as shipped with Fedora releases 16, 17, and 18.
Created pidgin tracking bugs for this issue

Affects: fedora-all [bug 910826]
External References:
http://www.pidgin.im/news/security/?id=67
Upstream patch: http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd
Acknowledgements: Red Hat would like to thank the Pidgin project for reporting this issue.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6

Via RHSA-2013:0646 https://rhn.redhat.com/errata/RHSA-2013-0646.html