The pidgin-otr plugin version 4.0.2 fixes a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function create_smp_dialog. External references: https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html http://seclists.org/oss-sec/2016/q1/572 Upstream bug report: https://bugs.otr.im/issues/88 Upstream fix: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
Created pidgin-otr tracking bugs for this issue: Affects: fedora-all [bug 1316428] Affects: epel-6 [bug 1316429]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.