diff -up pidgin-2.10.7/libpurple/protocols/simple/simple.c.CVE-2013-6490 pidgin-2.10.7/libpurple/protocols/simple/simple.c

--- pidgin-2.10.7/libpurple/protocols/simple/simple.c.CVE-2013-6490	2013-02-11 04:16:52.000000000 -0500

+++ pidgin-2.10.7/libpurple/protocols/simple/simple.c	2014-01-29 22:27:25.222516679 -0500

@@ -1640,7 +1640,7 @@ static void process_input(struct simple_

 		cur += 2;

 		restlen = conn->inbufused - (cur - conn->inbuf);

 		if(restlen >= msg->bodylen) {

-			dummy = g_malloc(msg->bodylen + 1);

+			dummy = g_new(char, msg->bodylen + 1);

 			memcpy(dummy, cur, msg->bodylen);

 			dummy[msg->bodylen] = '\0';

 			msg->body = dummy;

diff -up pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c.CVE-2013-6490 pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c

--- pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c.CVE-2013-6490	2013-02-11 04:16:52.000000000 -0500

+++ pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c	2014-01-29 22:27:25.223516732 -0500

@@ -114,6 +114,11 @@ struct sipmsg *sipmsg_parse_header(const

 	tmp2 = sipmsg_find_header(msg, "Content-Length");

 	if (tmp2 != NULL)

 		msg->bodylen = strtol(tmp2, NULL, 10);

+	if (msg->bodylen < 0) {

+		purple_debug_warning("simple", "Invalid body length: %d",

+			msg->bodylen);

+		msg->bodylen = 0;

+	}

 	if(msg->response) {

 		tmp2 = sipmsg_find_header(msg, "CSeq");