Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3698

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.

Related bugs and status

CVE-2014-3698 (Candidate) is related to these bugs:

Bug #1386410: Pidgin needs an update/patch

Summary				In	Importance	Status
	1386410	Pidgin needs an update/patch		pidgin (Ubuntu)	Undecided	Fix Released

Bug #1465052: pidgin 1.2.11 backport required

Summary				In	Importance	Status
	1465052	pidgin 1.2.11 backport required		pidgin (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://hg.pidgin.im/pi...
CONFIRM: http://pidgin.im/news/...
DEBIAN: DSA-3055
UBUNTU: USN-2390-1
SUSE: openSUSE-SU-2014:1376
SECUNIA: 60741
SECUNIA: 61968
SUSE: openSUSE-SU-2014:1397
REDHAT: RHSA-2017:1854