Bugzilla – Bug 991686
VUL-0: CVE-2016-2376: pidgin: MXIT read stage 0x3 Code Execution Vulnerability
Last modified: 2018-06-11 14:39:13 UTC
rh#1348848 A buffer overflows vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow. External references: http://www.talosintel.com/reports/TALOS-2016-0118/ http://www.pidgin.im/news/security/?id=92 Upstream fix: https://bitbucket.org/pidgin/main/commits/19f89eda8587 https://bugzilla.redhat.com/show_bug.cgi?id=1348848
in sle11 and sle12.
bugbot adjusting priority
With Mxit officially shut down its services in 2016 and pidgin dropped support to the protocol since 2.12. Efforts to backport the fix won't make much sense. Discussed with Johannes and decided to close this as WONTFIX.