[ubuntu/intrepid-security] pidgin_2.5.2-0ubuntu1.6_powerpc_translations.tar.gz, pidgin_2.5.2-0ubuntu1.6_lpia_translations.tar.gz, pidgin_2.5.2-0ubuntu1.6_ia64_translations.tar.gz, pidgin, pidgin_2.5.2-0ubuntu1.6_amd64_translations.tar.gz, pidgin_2.5.2-0ubuntu1.6_i386_translations.tar.gz, pidgin_2.5.2-0ubuntu1.6_sparc_translations.tar.gz (delayed) 1:2.5.2-0ubuntu1.6 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Jan 18 15:05:09 GMT 2010
- Previous message: [ubuntu/intrepid-security] transmission_1.34-0ubuntu2.3_sparc_translations.tar.gz (delayed), transmission, transmission_1.34-0ubuntu2.3_lpia_translations.tar.gz, transmission_1.34-0ubuntu2.3_i386_translations.tar.gz, transmission_1.34-0ubuntu2.3_hppa_translations.tar.gz, transmission_1.34-0ubuntu2.3_powerpc_translations.tar.gz, transmission_1.34-0ubuntu2.3_ia64_translations.tar.gz, transmission_1.34-0ubuntu2.3_amd64_translations.tar.gz 1.34-0ubuntu2.3 (Accepted)
- Next message: [ubuntu/intrepid-security] bind9_9.5.0.dfsg.P2-1ubuntu3.5_sparc_translations.tar.gz (delayed), bind9_9.5.0.dfsg.P2-1ubuntu3.5_amd64_translations.tar.gz, bind9_9.5.0.dfsg.P2-1ubuntu3.5_lpia_translations.tar.gz, bind9_9.5.0.dfsg.P2-1ubuntu3.5_hppa_translations.tar.gz, bind9_9.5.0.dfsg.P2-1ubuntu3.5_i386_translations.tar.gz, bind9_9.5.0.dfsg.P2-1ubuntu3.5_powerpc_translations.tar.gz, bind9, bind9_9.5.0.dfsg.P2-1ubuntu3.5_ia64_translations.tar.gz 1:9.5.0.dfsg.P2-1ubuntu3.5 (Accepted)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
pidgin (1:2.5.2-0ubuntu1.6) intrepid-security; urgency=low
* SECURITY UPDATE: denial of service via TOPIC message
- debian/patches/87_security_CVE-2009-2703.patch: validate args in
libpurple/protocols/irc/msgs.c.
- CVE-2009-2703
* SECURITY UPDATE: information disclosure via incorrect jabber TLS
handling
- debian/patches/88_security_CVE-2009-3026.patch: bail out if
encryption is not available in libpurple/protocols/jabber/auth.c.
- CVE-2009-3026
* SECURITY UPDATE: denial of service via malformed SLP invite message
- debian/patches/89_security_CVE-2009-3083.patch: validate branch,
content_type and content in libpurple/protocols/msn/slp.c.
- CVE-2009-3083
* SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
- debian/patches/90_security_CVE-2009-3085.patch: validate raw_data in
libpurple/protocols/jabber/data.c.
- CVE-2009-3085
* SECURITY UPDATE: denial of service via crafted contact list data
- debian/patches/91_security_CVE-2009-3615.patch: validate contact
list structure in libpurple/protocols/oscar/oscar.c.
- CVE-2009-3615
* SECURITY UPDATE: directory traversal via custom smiley request
(LP: #501089)
- debian/patches/92_security_CVE-2010-0013.patch: ignore request for
smileys that don't exist in the image store in
libpurple/protocols/msn/slp.c, backport purple_strequal in
libpurple/util.{c,h}.
- CVE-2010-0013
* WARNING: This package does not contain the changes from
1:2.5.2-0ubuntu1.5 that is in intrepid-proposed.
Date: Thu, 14 Jan 2010 15:23:24 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/intrepid/+source/pidgin/1:2.5.2-0ubuntu1.6
-------------- next part --------------
Format: 1.8
Date: Thu, 14 Jan 2010 15:23:24 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source
Version: 1:2.5.2-0ubuntu1.6
Distribution: intrepid-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
finch - text-based multi-protocol instant messaging client
finch-dev - text-based multi-protocol instant messaging client - development
libpurple-bin - multi-protocol instant messaging library - extra utilities
libpurple-dev - multi-protocol instant messaging library - development files
libpurple0 - multi-protocol instant messaging library
pidgin - graphical multi-protocol instant messaging client for X
pidgin-data - multi-protocol instant messaging client - data files
pidgin-dbg - Debugging symbols for Pidgin
pidgin-dev - multi-protocol instant messaging client - development files
Launchpad-Bugs-Fixed: 501089
Changes:
pidgin (1:2.5.2-0ubuntu1.6) intrepid-security; urgency=low
.
* SECURITY UPDATE: denial of service via TOPIC message
- debian/patches/87_security_CVE-2009-2703.patch: validate args in
libpurple/protocols/irc/msgs.c.
- CVE-2009-2703
* SECURITY UPDATE: information disclosure via incorrect jabber TLS
handling
- debian/patches/88_security_CVE-2009-3026.patch: bail out if
encryption is not available in libpurple/protocols/jabber/auth.c.
- CVE-2009-3026
* SECURITY UPDATE: denial of service via malformed SLP invite message
- debian/patches/89_security_CVE-2009-3083.patch: validate branch,
content_type and content in libpurple/protocols/msn/slp.c.
- CVE-2009-3083
* SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
- debian/patches/90_security_CVE-2009-3085.patch: validate raw_data in
libpurple/protocols/jabber/data.c.
- CVE-2009-3085
* SECURITY UPDATE: denial of service via crafted contact list data
- debian/patches/91_security_CVE-2009-3615.patch: validate contact
list structure in libpurple/protocols/oscar/oscar.c.
- CVE-2009-3615
* SECURITY UPDATE: directory traversal via custom smiley request
(LP: #501089)
- debian/patches/92_security_CVE-2010-0013.patch: ignore request for
smileys that don't exist in the image store in
libpurple/protocols/msn/slp.c, backport purple_strequal in
libpurple/util.{c,h}.
- CVE-2010-0013
* WARNING: This package does not contain the changes from
1:2.5.2-0ubuntu1.5 that is in intrepid-proposed.
Checksums-Sha1:
c634c4b902f064a92ae7fbda760d7fdb4cb3f898 1995 pidgin_2.5.2-0ubuntu1.6.dsc
d3376aba545c152dcc07ef32d7dcd50adcfd082a 65545 pidgin_2.5.2-0ubuntu1.6.diff.gz
Checksums-Sha256:
a9e3d30b3a24499b5797f0e061b19719912c5b8c4922b8935d8f9421d625734c 1995 pidgin_2.5.2-0ubuntu1.6.dsc
2091dea06787725d01048e2b7e381a4c3889ca8fa2783b66d16bfe16ed60e2c6 65545 pidgin_2.5.2-0ubuntu1.6.diff.gz
Files:
0272b5e9d66e3e3335d53fa9c7904168 1995 net optional pidgin_2.5.2-0ubuntu1.6.dsc
6b98b37df4c159ec62bc7ac63189eb3f 65545 net optional pidgin_2.5.2-0ubuntu1.6.diff.gz
Original-Maintainer: Robert McQueen <robot101 at debian.org>
- Previous message: [ubuntu/intrepid-security] transmission_1.34-0ubuntu2.3_sparc_translations.tar.gz (delayed), transmission, transmission_1.34-0ubuntu2.3_lpia_translations.tar.gz, transmission_1.34-0ubuntu2.3_i386_translations.tar.gz, transmission_1.34-0ubuntu2.3_hppa_translations.tar.gz, transmission_1.34-0ubuntu2.3_powerpc_translations.tar.gz, transmission_1.34-0ubuntu2.3_ia64_translations.tar.gz, transmission_1.34-0ubuntu2.3_amd64_translations.tar.gz 1.34-0ubuntu2.3 (Accepted)
- Next message: [ubuntu/intrepid-security] bind9_9.5.0.dfsg.P2-1ubuntu3.5_sparc_translations.tar.gz (delayed), bind9_9.5.0.dfsg.P2-1ubuntu3.5_amd64_translations.tar.gz, bind9_9.5.0.dfsg.P2-1ubuntu3.5_lpia_translations.tar.gz, bind9_9.5.0.dfsg.P2-1ubuntu3.5_hppa_translations.tar.gz, bind9_9.5.0.dfsg.P2-1ubuntu3.5_i386_translations.tar.gz, bind9_9.5.0.dfsg.P2-1ubuntu3.5_powerpc_translations.tar.gz, bind9, bind9_9.5.0.dfsg.P2-1ubuntu3.5_ia64_translations.tar.gz 1:9.5.0.dfsg.P2-1ubuntu3.5 (Accepted)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Intrepid-changes
mailing list