Debian: DSA-3528-1: pidgin-otr security update
Debian: DSA-3528-1: pidgin-otr security update
Stefan Sperling discovered that pidgin-otr, a Pidgin plugin implementing Off-The-Record messaging, contained a use-after-free bug. This could be used by a malicious remote user to intentionally crash the application, thus causing a denial-of-service.
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3528-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond March 23, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pidgin-otr CVE ID : CVE-2015-8833 Stefan Sperling discovered that pidgin-otr, a Pidgin plugin implementing Off-The-Record messaging, contained a use-after-free bug. This could be used by a malicious remote user to intentionally crash the application, thus causing a denial-of-service. For the stable distribution (jessie), this problem has been fixed in version 4.0.1-1+deb8u1. For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 4.0.2-1. We recommend that you upgrade your pidgin-otr packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.