CVE-2010-0277

Name	CVE-2010-0277
Description	slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2038-1
Debian Bugs	566775, 572946

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
pidgin (PTS)	jessie, jessie (lts)	2.11.0-0+deb8u2	fixed
	stretch (security), stretch (lts), stretch	2.12.0-1+deb9u1	fixed
	buster	2.13.0-2	fixed
	bullseye	2.14.1-1	fixed
	bookworm	2.14.12-1	fixed
	sid, trixie	2.14.13-2	fixed
qutecom (PTS)	jessie	2.2.1+dfsg1-5.2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
gaim	source	lenny	(not affected)
gaim	source	(unstable)	(unfixed)	low
pidgin	source	lenny	2.4.3-4lenny6		DSA-2038-1
pidgin	source	(unstable)	2.6.6-1	low		566775
qutecom	source	(unstable)	2.2~rc3.hg396~dfsg1-6	low		572946

[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)