libpurple -- multiple vulnerabilities

ID 549787C1-8916-11E2-8549-68B599B52A02
Type freebsd
Reporter FreeBSD
Modified 2013-03-16T00:00:00


Pidgin reports:

libpurple Fix a crash when receiving UPnP responses with abnormally long values. MXit Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. Sametime Fix a crash in Sametime when a malicious server sends us an abnormally long user ID.