[ubuntu/hardy-security] pidgin_2.4.1-1ubuntu2.8_i386_translations.tar.gz, pidgin_2.4.1-1ubuntu2.8_ia64_translations.tar.gz, pidgin_2.4.1-1ubuntu2.8_sparc_translations.tar.gz (delayed), pidgin, pidgin_2.4.1-1ubuntu2.8_powerpc_translations.tar.gz, pidgin_2.4.1-1ubuntu2.8_lpia_translations.tar.gz, pidgin_2.4.1-1ubuntu2.8_hppa_translations.tar.gz, pidgin_2.4.1-1ubuntu2.8_amd64_translations.tar.gz 1:2.4.1-1ubuntu2.8 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Jan 18 15:05:47 GMT 2010
pidgin (1:2.4.1-1ubuntu2.8) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/87_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/88_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c and
      libpurple/protocols/msnp9/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/90_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
    - debian/patches/91_security_CVE-2008-2955-2.patch: change
      src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
      still exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - previous 83_security_CVE-2009-1376.patch patch was incomplete
    - debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
      variable to guint64 in libpurple/protocols/msnp9/slplink.c.
    - CVE-2009-1376
  * Fix connection issue with MSN (LP: #494002)
    - debian/patches/93_msn_protocol8.patch: use protocol v8 in
      libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported
      by msn anymore.

Date: Fri, 15 Jan 2010 12:56:44 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/pidgin/1:2.4.1-1ubuntu2.8
-------------- next part --------------
Format: 1.7
Date: Fri, 15 Jan 2010 12:56:44 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin gaim
Architecture: source
Version: 1:2.4.1-1ubuntu2.8
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 finch - text-based multi-protocol instant messaging client
 finch-dev - text-based multi-protocol instant messaging client - development
 gaim - transitional package to Pidgin
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Launchpad-Bugs-Fixed: 245769 494002
Changes:
 pidgin (1:2.4.1-1ubuntu2.8) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via TOPIC message
     - debian/patches/87_security_CVE-2009-2703.patch: validate args in
       libpurple/protocols/irc/msgs.c.
     - CVE-2009-2703
   * SECURITY UPDATE: information disclosure via incorrect jabber TLS
     handling
     - debian/patches/88_security_CVE-2009-3026.patch: bail out if
       encryption is not available in libpurple/protocols/jabber/auth.c.
     - CVE-2009-3026
   * SECURITY UPDATE: denial of service via malformed SLP invite message
     - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
       content_type and content in libpurple/protocols/msn/slp.c and
       libpurple/protocols/msnp9/slp.c.
     - CVE-2009-3083
   * SECURITY UPDATE: denial of service via crafted contact list data
     - debian/patches/90_security_CVE-2009-3615.patch: validate contact
       list structure in libpurple/protocols/oscar/oscar.c.
     - CVE-2009-3615
   * SECURITY UPDATE: denial of service via specially formulated long
     filename (LP: #245769)
     - previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
     - debian/patches/91_security_CVE-2008-2955-2.patch: change
       src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
       still exists before putting dest_fp in it.
     - CVE-2008-2955
   * SECURITY UPDATE: arbitrary code execution via crafted MSN message
     - previous 83_security_CVE-2009-1376.patch patch was incomplete
     - debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
       variable to guint64 in libpurple/protocols/msnp9/slplink.c.
     - CVE-2009-1376
   * Fix connection issue with MSN (LP: #494002)
     - debian/patches/93_msn_protocol8.patch: use protocol v8 in
       libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported
       by msn anymore.
Files:
 45ccb8c6d8abc66534202310a6953d8f 1540 net optional pidgin_2.4.1-1ubuntu2.8.dsc
 377565d6f9785cd8a299214f30b36a1f 141994 net optional pidgin_2.4.1-1ubuntu2.8.diff.gz
Original-Maintainer: Robert McQueen <robot101 at debian.org>