Description of problem:
A remote attacker could set a specially-crafted GIF image as their buddy icon that could lead to Pidgin being terminated due to excessive memory use.

Version-Release number of selected component (if applicable):
pidgin-2.7.11-1.mga1.src.rpm

How reproducible:
N/A

Patches can be found here; unfortunately it affects a number of source files:
http://developer.pidgin.im/viewmtn/revision/info/e802003adbf0be4496de3de8ac03b47c1e471d00

Possible update text:
It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() used by Pidgin did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially initialized pixbuf structure, possibly having huge width and height, which could lead to the application being terminated due to excessive memory use. This issue is identified at mitre.org by CVE-2011-2485. Updated packages correct this issue.
no interest in this, closing
Status: NEW => RESOLVED
Resolution: (none) => OLD
Stew, I understand your frustration in the lack of follow up given to reported security problems, but I think closing security bugs which have not been solved is not the right way to go. Let's try to keep those issues on the radar at least.
Keywords: (none) => Security
CC: (none) => remco