CVE-2010-0420

Publication date 18 February 2010

Last updated 24 July 2024

Ubuntu priority

libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pidgin	9.10 karmic	Fixed 1:2.6.2-1ubuntu7.2
	9.04 jaunty	Fixed 1:2.5.5-1ubuntu8.6
	8.10 intrepid	Fixed 1:2.5.2-0ubuntu1.7
	8.04 LTS hardy	Fixed 1:2.4.1-1ubuntu2.9
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
pidgin	Upstream: http://developer.pidgin.im/viewmtn/revision/info/0085c32abf29d034d30feef1ffb1d483e316a9a8 Upstream: http://developer.pidgin.im/viewmtn/revision/info/ab4716ed6857f669ceb0296e5480729aafba2e9f

References

Related Ubuntu Security Notices (USN)

USN-902-1
Pidgin vulnerabilities
22 February 2010

CVE-2010-0420

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references