pidgin - several

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol
instant messaging client:

• CVE-2013-6477
  Jaime Breva Ribes discovered that a remote XMPP user can trigger a
  crash by sending a message with a timestamp in the distant future.
• CVE-2013-6478
  Pidgin could be crashed through overly wide tooltip windows.
• CVE-2013-6479
  Jacob Appelbaum discovered that a malicious server or a man in the
  middle could send a malformed HTTP header resulting in denial of
  service.
• CVE-2013-6481
  Daniel Atallah discovered that Pidgin could be crashed through
  malformed Yahoo! P2P messages.
• CVE-2013-6482
  Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin
  could be crashed through malformed MSN messages.
• CVE-2013-6483
  Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin
  could be crashed through malformed XMPP messages.
• CVE-2013-6484
  It was discovered that incorrect error handling when reading the
  response from a STUN server could result in a crash.
• CVE-2013-6485
  Matt Jones discovered a buffer overflow in the parsing of malformed
  HTTP responses.
• CVE-2013-6487
  Yves Younan and Ryan Pentney discovered a buffer overflow when parsing
  Gadu-Gadu messages.
• CVE-2013-6489
  Yves Younan and Pawel Janic discovered an integer overflow when parsing
  MXit emoticons.
• CVE-2013-6490
  Yves Younan discovered a buffer overflow when parsing SIMPLE headers.
• CVE-2014-0020
  Daniel Atallah discovered that Pidgin could be crashed via malformed
  IRC arguments.

For the oldstable distribution (squeeze), no direct backport is provided.
A fixed package will be provided through backports.debian.org shortly.

For the stable distribution (wheezy), these problems have been fixed in
version 2.10.9-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 2.10.9-1.

We recommend that you upgrade your pidgin packages.