[ubuntu/hardy-security] pidgin_2.4.1-1ubuntu2.10_amd64_translations.tar.gz, pidgin_2.4.1-1ubuntu2.10_powerpc_translations.tar.gz, pidgin_2.4.1-1ubuntu2.10_lpia_translations.tar.gz, pidgin_2.4.1-1ubuntu2.10_ia64_translations.tar.gz, pidgin, pidgin_2.4.1-1ubuntu2.10_hppa_translations.tar.gz, pidgin_2.4.1-1ubuntu2.10_i386_translations.tar.gz, pidgin_2.4.1-1ubuntu2.10_sparc_translations.tar.gz (delayed) 1:2.4.1-1ubuntu2.10 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Nov 4 13:10:04 GMT 2010 

pidgin (1:2.4.1-1ubuntu2.10) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/94_security_CVE-2010-1624.patch: make sure body is
      valid in libpurple/protocols/{msn,msnp9}/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/94_security_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/protocols/{jabber/auth.c,msn/slp.c,msnp9/slp.c,
      myspace/message.c,yahoo/yahoo.c}.
    - CVE-2010-3711

Date: Wed, 03 Nov 2010 09:36:41 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/pidgin/1:2.4.1-1ubuntu2.10
-------------- next part --------------
Format: 1.7
Date: Wed, 03 Nov 2010 09:36:41 -0400
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin gaim
Architecture: source
Version: 1:2.4.1-1ubuntu2.10
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 finch      - text-based multi-protocol instant messaging client
 finch-dev  - text-based multi-protocol instant messaging client - development
 gaim       - transitional package to Pidgin
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin     - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Launchpad-Bugs-Fixed: 666998
Changes: 
 pidgin (1:2.4.1-1ubuntu2.10) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via custom emoticon
     - debian/patches/94_security_CVE-2010-1624.patch: make sure body is
       valid in libpurple/protocols/{msn,msnp9}/slp.c.
     - CVE-2010-1624
   * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
     - debian/patches/94_security_CVE-2010-3711.patch: correctly handle
       purple_base64_decode return codes in libpurple/ntlm.c,
       libpurple/protocols/{jabber/auth.c,msn/slp.c,msnp9/slp.c,
       myspace/message.c,yahoo/yahoo.c}.
     - CVE-2010-3711
Files: 
 e16088a49a79d90aa15cf6f40d8f89ce 2183 net optional pidgin_2.4.1-1ubuntu2.10.dsc
 5f4efde7ef31a8a9615d31919b821f08 147069 net optional pidgin_2.4.1-1ubuntu2.10.diff.gz
Original-Maintainer: Robert McQueen <robot101 at debian.org>

More information about the Hardy-changes mailing list