[ubuntu/hardy-security] pidgin_2.4.1-1ubuntu2.9_sparc_translations.tar.gz (delayed), pidgin_2.4.1-1ubuntu2.9_hppa_translations.tar.gz, pidgin_2.4.1-1ubuntu2.9_i386_translations.tar.gz, pidgin_2.4.1-1ubuntu2.9_amd64_translations.tar.gz, pidgin, pidgin_2.4.1-1ubuntu2.9_lpia_translations.tar.gz, pidgin_2.4.1-1ubuntu2.9_ia64_translations.tar.gz, pidgin_2.4.1-1ubuntu2.9_powerpc_translations.tar.gz 1:2.4.1-1ubuntu2.9 (Accepted)

[Ubuntu Installer]

pidgin (1:2.4.1-1ubuntu2.9) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/94_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/94_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/94_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

Date: Thu, 18 Feb 2010 14:57:08 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/pidgin/1:2.4.1-1ubuntu2.9
-------------- next part --------------
Format: 1.7
Date: Thu, 18 Feb 2010 14:57:08 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin gaim
Architecture: source
Version: 1:2.4.1-1ubuntu2.9
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 finch      - text-based multi-protocol instant messaging client
 finch-dev  - text-based multi-protocol instant messaging client - development
 gaim       - transitional package to Pidgin
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin     - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Changes: 
 pidgin (1:2.4.1-1ubuntu2.9) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via malformed SLP message
     - debian/patches/94_security_CVE-2010-0277.patch: validate input in
       libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
     - CVE-2010-0277
   * SECURITY UPDATE: denial of service via certain nicknames in Finch
     - debian/patches/94_security_CVE-2010-0420.patch: properly unescape
       text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
       libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
     - CVE-2010-0420
   * SECURITY UPDATE: denial of service via large number of smileys
     - debian/patches/94_security_CVE-2010-0423.patch: limit the number of
       smileys in pidgin/gtkimhtml.c.
     - CVE-2010-0423
Files: 
 ce83995281bc188714dcce63bb5dc4b9 1541 net optional pidgin_2.4.1-1ubuntu2.9.dsc
 2b544831e8de16fc577a725795c992ec 145254 net optional pidgin_2.4.1-1ubuntu2.9.diff.gz
Original-Maintainer: Robert McQueen <robot101 at debian.org>