FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
59e7af2d-8db7-11de-883b-001e3300a30d	pidgin -- MSN overflow parsing SLP messages Secunia reports: A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the "msn_slplink_process_msg()" function when processing MSN SLP messages and can be exploited to corrupt memory. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions 2.5.8 and prior. Other versions may also be affected. Discovery 2009-08-18 Entry 2009-08-20 pidgin libpurple finch < 2.5.9 CVE-2009-2694 http://secunia.com/advisories/36384/ http://www.pidgin.im/news/security/?id=34
b1ca65e6-5aaf-11de-bc9b-0030843d3802	pidgin -- multiple vulnerabilities Secunia reports: Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system. A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow. A boundary error in the XMPP SOCKS5 "bytestream" server when initiating an outgoing file transfer can be exploited to cause a buffer overflow. A boundary error exists in the implementation of the "PurpleCircBuffer" structure. This can be exploited to corrupt memory and cause a crash via specially crafted XMPP or Sametime packets. A boundary error in the "decrypt_out()" function can be exploited to cause a stack-based buffer overflow with 8 bytes and crash the application via a specially crafted QQ packet. Discovery 2009-06-03 Entry 2009-06-16 pidgin libpurple finch < 2.5.6 35067 CVE-2009-1373 CVE-2009-1374 CVE-2009-1375 CVE-2009-1376 http://secunia.com/advisories/35194/ http://www.pidgin.im/news/security/?id=29 http://www.pidgin.im/news/security/?id=30 http://www.pidgin.im/news/security/?id=32

VuXML ID

Description

59e7af2d-8db7-11de-883b-001e3300a30d

pidgin -- MSN overflow parsing SLP messages

Secunia reports:

A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error in the "msn_slplink_process_msg()" function when processing MSN SLP messages and can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 2.5.8 and prior. Other versions may also be affected.

Discovery 2009-08-18
Entry 2009-08-20
pidgin
libpurple
finch

< 2.5.9

CVE-2009-2694
http://secunia.com/advisories/36384/
http://www.pidgin.im/news/security/?id=34

b1ca65e6-5aaf-11de-bc9b-0030843d3802

pidgin -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system.

A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow.

A boundary error in the XMPP SOCKS5 "bytestream" server when initiating an outgoing file transfer can be exploited to cause a buffer overflow.

A boundary error exists in the implementation of the "PurpleCircBuffer" structure. This can be exploited to corrupt memory and cause a crash via specially crafted XMPP or Sametime packets.

A boundary error in the "decrypt_out()" function can be exploited to cause a stack-based buffer overflow with 8 bytes and crash the application via a specially crafted QQ packet.

Discovery 2009-06-03
Entry 2009-06-16
pidgin
libpurple
finch

< 2.5.6

35067
CVE-2009-1373
CVE-2009-1374
CVE-2009-1375
CVE-2009-1376
http://secunia.com/advisories/35194/
http://www.pidgin.im/news/security/?id=29
http://www.pidgin.im/news/security/?id=30
http://www.pidgin.im/news/security/?id=32