Pidgin is a GTK Instant Messenger client for a variety of instant messaging protocols.
Joseph Bisch discovered that Pidgin incorrectly handled certain XML messages.
A remote attacker could send a specially crafted instant message, possibly resulting in execution of arbitrary code with the privileges of the Pidgin process.
There is no known workaround at this time.
All Pidgin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/pidgin-2.12.0"