Hopefully this get gets uploaded to repository ASAP!
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in
libpurple in Pidgin before 2.7.0 allows remote attackers to cause
a denial of service (application crash) via a custom emoticon in a
malformed SLP message.
It is strongly suggested that users drop Pidgin's 2.6 ... and upgrade!