|
|
Log in / Subscribe / Register

pidgin: multiple vulnerabilities

Package(s):pidgin CVE #(s):CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698
Created:October 24, 2014 Updated:December 11, 2014
Description: From the Debian advisory:

CVE-2014-3694: It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates.

CVE-2014-3695: Yves Younan and Richard Johnson discovered that emotictons with overly large length values could crash Pidgin.

CVE-2014-3696: Yves Younan and Richard Johnson discovered that malformed Groupwise messages could crash Pidgin.

CVE-2014-3698: Thijs Alkemade and Paul Aurich discovered that malformed XMPP messages could result in memory disclosure.

Alerts:
Slackware SSA:2014-344-05 pidgin 2014-12-10
openSUSE openSUSE-SU-2014:1397-1 pidgin 2014-11-12
openSUSE openSUSE-SU-2014:1376-1 pidgin 2014-11-10
Fedora FEDORA-2014-14069 pidgin 2014-11-10
Ubuntu USN-2390-1 pidgin 2014-10-28
Mageia MGASA-2014-0425 pidgin 2014-10-25
Debian DSA-3055-1 pidgin 2014-10-23
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds