Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2014-3694 It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates. CVE-2014-3695 Yves Younan and Richard Johnson discovered that emoticons with overly large length values could crash Pidgin. CVE-2014-3696 Yves Younan and Richard Johnson discovered that malformed Groupwise messages could crash Pidgin. CVE-2014-3698 Thijs Alkemade and Paul Aurich discovered that malformed XMPP messages could result in memory disclosure. For the stable distribution (wheezy), these problems have been fixed in version 2.10.10-1~deb7u1. For the unstable distribution (sid), these problems have been fixed in version 2.10.10-1. We recommend that you upgrade your pidgin packages.
Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client:
It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates.
Yves Younan and Richard Johnson discovered that emoticons with overly large length values could crash Pidgin.
Yves Younan and Richard Johnson discovered that malformed Groupwise messages could crash Pidgin.
Thijs Alkemade and Paul Aurich discovered that malformed XMPP messages could result in memory disclosure.
For the stable distribution (wheezy), these problems have been fixed in version 2.10.10-1~deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 2.10.10-1.
We recommend that you upgrade your pidgin packages.