Pidgin is a multi-protocol Internet Messaging client.
An integer overflow flaw was found in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2008-2927)
Note: the default Pidgin privacy setting only allows messages from users in the buddy list. This prevents arbitrary MSN users from exploiting this flaw.
This update also addresses the following bug:
All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues.