Published: 23 June 2016
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
CVSS 3 base score: 8.1
Launchpad, Ubuntu, Debian
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
This patch doesn't enforce upper-limits; it seems insufficient to me.
patch listed in upstream advisory is wrong, it is actually the fix for CVE-2016-2369