1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2476-1] pidgin-otr security update

    From Jonathan Wiltshire@1:229/2 to All on Sat May 19 21:40:01 2012
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2476-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire
    May 19, 2012 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : pidgin-otr
    Vulnerability : format string vulnerability
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2012-2369
    Debian Bug : 673154

    intrigeri discovered a format string error in pidgin-otr, an off-the-record messaging plugin for Pidgin.

    This could be exploited by a remote attacker to cause arbitrary code to
    be executed on the user's machine.

    The problem is only in pidgin-otr. Other applications which use libotr are
    not affected.

    For the stable distribution (squeeze), this problem has been fixed in
    version 3.2.0-5+squeeze1.

    For the testing distribution (wheezy), this problem has been fixed in
    version 3.2.1-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 3.2.1-1.

    We recommend that you upgrade your pidgin-otr packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    iQEcBAEBAgAGBQJPt/OHAAoJEL97/wQC1SS+lH0IAIunPaG8K1FkRvp/HWeqAXHG PeWKPCgeSw6bl5Ab5zQuaZLhCT3XLYLJJq+wKm6sEaTlFstA3C7Tcf8b+n802+yP HXueDzn+J4wYhBD6l+R8xfPYkFUqnkjMIqVYoEvpEjbCTCBUhDep/vtzOOh3ZL8y Iz0Hgun1CL186o1p4SCNd8irLfmxUg41vOob8+XTLNKYUxDyomLk9p111f8i62wV AWOqGJ+AEzY2Ni6ThFNJdnbm2ThFfOfgS8TK3r3331PX9+eHpfR3+cxIBGZ+3dtu Ox7qkDd6c/Ko7cLqkiT6A/DHYZ98p1KxEDqS5eTcTwTOyL+GE7s1cJMsSApCAdw=
    =gcop
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)