Information on source package pidgin

Available versions

ReleaseVersion
jessie2.11.0-0+deb8u2
stretch2.12.0-1+deb9u1
buster2.13.0-2
bullseye2.14.1-1
bookworm2.14.12-1
trixie2.14.13-2
sid2.14.13-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2022-26491vulnerablefixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedAn issue was discovered in Pidgin before 2.14.9. A remote attacker who ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2012-1257vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerablePidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...
CVE-2008-2956vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableMemory leak in Pidgin 2.0.0, and possibly other versions, allows remot ...

Resolved issues

BugDescription
CVE-2017-2640An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 ...
CVE-2016-1000030Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates ...
CVE-2016-4323A directory traversal exists in the handling of the MXIT protocol in P ...
CVE-2016-2380An information leak exists in the handling of the MXIT protocol in Pid ...
CVE-2016-2378A buffer overflow vulnerability exists in the handling of the MXIT pro ...
CVE-2016-2377A buffer overflow vulnerability exists in the handling of the MXIT pro ...
CVE-2016-2376A buffer overflow vulnerability exists in the handling of the MXIT pro ...
CVE-2016-2375An exploitable out-of-bounds read exists in the handling of the MXIT p ...
CVE-2016-2374An exploitable memory corruption vulnerability exists in the handling ...
CVE-2016-2373A denial of service vulnerability exists in the handling of the MXIT p ...
CVE-2016-2372An information leak exists in the handling of the MXIT protocol in Pid ...
CVE-2016-2371An out-of-bounds write vulnerability exists in the handling of the MXI ...
CVE-2016-2370A denial of service vulnerability exists in the handling of the MXIT p ...
CVE-2016-2369A NULL pointer dereference vulnerability exists in the handling of the ...
CVE-2016-2368Multiple memory corruption vulnerabilities exist in the handling of th ...
CVE-2016-2367An information leak exists in the handling of the MXIT protocol in Pid ...
CVE-2016-2366A denial of service vulnerability exists in the handling of the MXIT p ...
CVE-2016-2365A denial of service vulnerability exists in the handling of the MXIT p ...
CVE-2014-3698The jabber_idn_validate function in jutil.c in the Jabber protocol plu ...
CVE-2014-3697Absolute path traversal vulnerability in the untar_block function in w ...
CVE-2014-3696nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidg ...
CVE-2014-3695markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.1 ...
CVE-2014-3694The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/ ...
CVE-2014-0020The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not ...
CVE-2013-6490The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remot ...
CVE-2013-6489Integer signedness error in the MXit functionality in Pidgin before 2. ...
CVE-2013-6487Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu ...
CVE-2013-6486gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted rem ...
CVE-2013-6485Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows ...
CVE-2013-6484The STUN protocol implementation in libpurple in Pidgin before 2.10.8 ...
CVE-2013-6483The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not ...
CVE-2013-6482Pidgin before 2.10.8 allows remote MSN servers to cause a denial of se ...
CVE-2013-6481libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows rem ...
CVE-2013-6479util.c in libpurple in Pidgin before 2.10.8 does not properly allocate ...
CVE-2013-6478gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with un ...
CVE-2013-6477Multiple integer signedness errors in libpurple in Pidgin before 2.10. ...
CVE-2013-0274upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminat ...
CVE-2013-0273sametime.c in the Sametime protocol plugin in libpurple in Pidgin befo ...
CVE-2013-0272Buffer overflow in http.c in the MXit protocol plugin in libpurple in ...
CVE-2013-0271The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might al ...
CVE-2012-6152The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does n ...
CVE-2012-3374Buffer overflow in markup.c in the MXit protocol plugin in libpurple i ...
CVE-2012-2318msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 ...
CVE-2012-2214proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle ...
CVE-2012-1178The msn_oim_report_to_user function in oim.c in the MSN protocol plugi ...
CVE-2011-4939The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin befor ...
CVE-2011-4922cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retain ...
CVE-2011-4603The silc_channel_message function in ops.c in the SILC protocol plugin ...
CVE-2011-4602The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not ...
CVE-2011-4601family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin b ...
CVE-2011-3594The g_markup_escape_text function in the SILC protocol plug-in in libp ...
CVE-2011-3185gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted rem ...
CVE-2011-3184The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...
CVE-2011-2943The irc_msg_who function in msgs.c in the IRC protocol plugin in libpu ...
CVE-2011-1091libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 t ...
CVE-2010-4528directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7 ...
CVE-2010-3711libpurple in Pidgin before 2.7.4 does not properly validate the return ...
CVE-2010-2528The clientautoresp function in family_icbm.c in the oscar protocol plu ...
CVE-2010-1624The msn_emoticon_msg function in slp.c in the MSN protocol plugin in l ...
CVE-2010-0423gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a ...
CVE-2010-0420libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user cha ...
CVE-2010-0277slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, ...
CVE-2010-0013Directory traversal vulnerability in slp.c in the MSN protocol plugin ...
CVE-2009-3615The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adiu ...
CVE-2009-3085The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not ...
CVE-2009-3084The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...
CVE-2009-3083The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...
CVE-2009-3026protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly oth ...
CVE-2009-3025Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to c ...
CVE-2009-2703libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple ...
CVE-2009-2694The msn_slplink_process_msg function in libpurple/protocols/msn/slplin ...
CVE-2009-1889The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...
CVE-2009-1376Multiple integer overflows in the msn_slplink_process_msg functions in ...
CVE-2009-1375The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2 ...
CVE-2009-1374Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) ...
CVE-2009-1373Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (former ...
CVE-2008-3532The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certif ...
CVE-2008-2957The UPnP functionality in Pidgin 2.0.0, and possibly other versions, a ...
CVE-2008-2955Pidgin 2.4.1 allows remote attackers to cause a denial of service (cra ...
CVE-2008-2927Multiple integer overflows in the msn_slplink_process_msg functions in ...
CVE-2007-4999libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allo ...
CVE-2007-4996libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge me ...

Security announcements

DSA / DLADescription
DLA-3043-1pidgin - security update
DLA-853-1pidgin - security update
DSA-3806-1pidgin - security update
DSA-3620-1pidgin - security update
DLA-542-1pidgin - security update
DSA-3055-1pidgin - security update
DSA-2859-2pidgin - security update
DSA-2859-1pidgin - several
DSA-2509-1pidgin - remote code execution
DSA-2038-1pidgin - denial of service
DSA-1932-1pidgin - arbitrary code execution
DSA-1870-1pidgin - insufficient input sanitization
DSA-1805-1pidgin - several vulnerabilities

Search for package or bug name: Reporting problems