diff -up pidgin-2.10.7/libpurple/conversation.c.CVE-2013-6477 pidgin-2.10.7/libpurple/conversation.c
--- pidgin-2.10.7/libpurple/conversation.c.CVE-2013-6477	2013-02-11 04:16:51.000000000 -0500
+++ pidgin-2.10.7/libpurple/conversation.c	2014-01-29 20:17:16.584055979 -0500
@@ -1551,6 +1551,14 @@ purple_conv_chat_write(PurpleConvChat *c
 	if (purple_conv_chat_is_user_ignored(chat, who))
 		return;
 
+	if (mtime < 0) {
+		purple_debug_error("conversation",
+				"purple_conv_chat_write ignoring negative timestamp\n");
+		/* TODO: Would be more appropriate to use a value that indicates
+		   that the timestamp is unknown, and surface that in the UI. */
+		mtime = time(NULL);
+	}
+
 	if (!(flags & PURPLE_MESSAGE_WHISPER)) {
 		const char *str;
 
diff -up pidgin-2.10.7/libpurple/log.c.CVE-2013-6477 pidgin-2.10.7/libpurple/log.c
--- pidgin-2.10.7/libpurple/log.c.CVE-2013-6477	2013-02-11 04:16:51.000000000 -0500
+++ pidgin-2.10.7/libpurple/log.c	2014-01-29 20:17:16.584055979 -0500
@@ -753,7 +753,7 @@ static char *log_get_timestamp(PurpleLog
 {
 	gboolean show_date;
 	char *date;
-	struct tm tm;
+	struct tm *tm;
 
 	show_date = (log->type == PURPLE_LOG_SYSTEM) || (time(NULL) > when + 20*60);
 
@@ -763,11 +763,11 @@ static char *log_get_timestamp(PurpleLog
 	if (date != NULL)
 		return date;
 
-	tm = *(localtime(&when));
+	tm = localtime(&when);
 	if (show_date)
-		return g_strdup(purple_date_format_long(&tm));
+		return g_strdup(purple_date_format_long(tm));
 	else
-		return g_strdup(purple_time_format(&tm));
+		return g_strdup(purple_time_format(tm));
 }
 
 /* NOTE: This can return msg (which you may or may not want to g_free())
diff -up pidgin-2.10.7/libpurple/server.c.CVE-2013-6477 pidgin-2.10.7/libpurple/server.c
--- pidgin-2.10.7/libpurple/server.c.CVE-2013-6477	2013-02-11 04:16:53.000000000 -0500
+++ pidgin-2.10.7/libpurple/server.c	2014-01-29 20:17:16.585055993 -0500
@@ -567,6 +567,14 @@ void serv_got_im(PurpleConnection *gc, c
 
 	account  = purple_connection_get_account(gc);
 
+	if (mtime < 0) {
+		purple_debug_error("server",
+				"serv_got_im ignoring negative timestamp\n");
+		/* TODO: Would be more appropriate to use a value that indicates
+		   that the timestamp is unknown, and surface that in the UI. */
+		mtime = time(NULL);
+	}
+
 	/*
 	 * XXX: Should we be setting this here, or relying on prpls to set it?
 	 */
@@ -905,6 +913,14 @@ void serv_got_chat_in(PurpleConnection *
 	g_return_if_fail(who != NULL);
 	g_return_if_fail(message != NULL);
 
+	if (mtime < 0) {
+		purple_debug_error("server",
+				"serv_got_chat_in ignoring negative timestamp\n");
+		/* TODO: Would be more appropriate to use a value that indicates
+		   that the timestamp is unknown, and surface that in the UI. */
+		mtime = time(NULL);
+	}
+
 	for (bcs = g->buddy_chats; bcs != NULL; bcs = bcs->next) {
 		conv = (PurpleConversation *)bcs->data;