[3.1] pidgin-otr: heap use after free vulnerability (CVE-2015-8833)
The pidgin-otr plugin version 4.0.2 fixes a heap use after free error.
The bug is triggered when a user tries to authenticate a buddy and
happens in the function create_smp_dialog.
References:
https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
http://www.openwall.com/lists/oss-security/2016/03/09/8
Commit / fix:
(from redmine: issue id 5431, created on 2016-04-18, closed on 2016-05-10)
- Relations:
- parent #5428 (closed)
- Changesets:
- Revision c74c7bc2 on 2016-05-05T10:02:29Z:
main/pidgin-otr: security upgrade to 4.0.2 (CVE-2015-8833). Fixes #5431
(cherry picked from commit f19e408cd97572c48ab57f020aeb8d62acf50e12)