From Mageia wiki

MGASA-2012-0140

Date: July 9th, 2012
Affected releases: 1, 2


Description:
Updated pidgin-otr package fixes security vulnerability:

Format string vulnerability in the log_message_cb function in
otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin
before 3.2.1 for Pidgin might allow remote attackers to execute
arbitrary code via format string specifiers in data that generates
a log message (CVE-2012-2369).
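
The bug class named above, shown as an added C example; this is not pidgin-otr's source. The printf-style sink `debug_info` and the two `log_message_*` functions are hypothetical stand-ins for a plugin's log callback and the host application's logger.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style debug sink standing in for the host
 * application's logger; it keeps the last line so it can be inspected.
 * Declaring such a sink with __attribute__((format(printf, 2, 3))) lets
 * GCC's -Wformat-security flag the unsafe call below at build time. */
static char last_line[256];

static void debug_info(const char *category, const char *fmt, ...)
{
    char body[200];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(body, sizeof body, fmt, ap);
    va_end(ap);
    snprintf(last_line, sizeof last_line, "%s: %s", category, body);
}

/* Vulnerable pattern: externally influenced text is used as the format. */
static const char *log_message_unsafe(const char *message)
{
    debug_info("otr", message);
    return last_line;
}

/* Hardened pattern: constant format, message passed only as data. */
static const char *log_message_safe(const char *message)
{
    debug_info("otr", "%s", message);
    return last_line;
}

int main(void)
{
    /* Constructed input. "%%" is the one specifier that is well defined
     * without arguments, so it shows the parsing without undefined
     * behaviour. */
    const char *msg = "progress 100%% [peer text]";

    printf("unsafe: %s\n", log_message_unsafe(msg));
    printf("safe:   %s\n", log_message_safe(msg));
    return 0;
}
```

The unsafe variant collapses `%%` to `%`, which shows the message text is being parsed as a format string; the safe variant logs the text byte for byte.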

libotr has also been updated to remove the .la file from the -devel
package, so that pidgin-otr will build correctly.


Updated Packages:
Mageia 1:
pidgin-otr-3.2.0-3.1.mga1
lib(64)otr2-3.2.0-5.1.mga1
lib(64)otr-devel-3.2.0-5.1.mga1
libotr-utils-3.2.0-5.1.mga1

Mageia 2:
pidgin-otr-3.2.0-3.1.mga2
lib(64)otr2-3.2.0-5.1.mga2
lib(64)otr-devel-3.2.0-5.1.mga2
libotr-utils-3.2.0-5.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2369
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080621.html
https://bugs.mageia.org/show_bug.cgi?id=6007